phpBB link_main.php SupaNav Module phpbb_root_path Variable Remote File Inclusion

2007-07-18T00:00:00
ID OSVDB:36275
Type osvdb
Reporter bd0rk(bd0rk[at]hackermail.com)
Modified 2007-07-18T00:00:00

Description

Manual Testing Notes

http://[target]/[directory]/link_main.php?phpbb_root_path=[ShellCode]

References:

Secunia Advisory ID:26127 Other Advisory URL: http://milw0rm.com/exploits/4197 ISS X-Force ID: 35485 FrSIRT Advisory: ADV-2007-2575 CVE-2007-3935