6 matches found
FreeQBoard 1.0/1.1 QB_Path Parameter Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21394/info FreeQboard is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary...
FreeQBoard 1.01.1 - QB_Path Multiple Remote File Inclusions
FreeQBoard 1.01.1 - QBPath Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/21394/info FreeQboard is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to...
FreeQBoard 1.0/1.1 - 'QB_Path' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/21394/info FreeQboard is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected...
freeqboard-rfi.txt
freeqboard = 1.1 qbpath Remote File Include Vulnerability Author: Mr.3FReeT Softname: freeqboard code in : about.php , contact.php , delete.php , faq.php , index.php include "config.php"; include $qbpath."incs/mysql.php"; Exploit : """""""" www.site.com/path/index.php?qbpath=shellcode.txt?...
FreeQBoard QB_Path远程文件包含漏洞
FreeQBoard是一款基于PHP的WEB应用程序。 FreeQBoard不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞以WEB进程权限执行任意指令。 问题是多个脚本对用户提交的'QBPath'参数缺少过滤,指定远程服务器上的任意文件作为包含对象,可导致以进程权限执行任意指令。 free QBoard free QBoard 1.1 free QBoard free QBoard 1.0 目前没有解决方案提供: http://sourceforge.net/projects/freeqboard/...
freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability
freeqboard = 1.1 qbpath Remote File Include Vulnerability Author: Mr.3FReeT Softname: freeqboard code in : about.php , contact.php , delete.php , faq.php , index.php include "config.php"; include $qbpath."incs/mysql.php"; Exploit : """""""" www.site.com/path/index.php?qbpath=shellcode.txt?...