Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Re: # MHG Security Team --- PHP NUKE All version Remote File Inc.
From: nukedx () nukedx com
Date: 2 Jun 2006 00:49:48 -0000
Yeah,its so weird. vulnerable code in pagestart.php at line 68.
http://victim/modules/Forums/admin/admin_styles.php?phpbb_root_path=2
Warning: main(2common.php): failed to open stream: No such file or directory in 
C:\Inetpub\vhosts\victim\httpdocs\modules\Forums\admin\pagestart.php on line 68
Just edited victim for security purposes.
in pagestart.php at lines 67-68:
...
include("../../../mainfile.php");
include($phpbb_root_path.'common.'.$phpEx);
...
So it includes mainfile.php and i think this is making vulnerability.
in mainfile.php at lines 54-56
...
if (!ini_get("register_globals")) { 
    import_request_variables('GPC'); 
}
...
I tried it on some servers.It didnt work but for some worked, and all this servers has register_globals off and 
magic_quotes_gpc on.
This is so weird problem..
Regards,
Mustafa Can Bjorn IPEKCI (nukedx a.k.a nuker)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]