Computer Security

Security Advisory: AzzCoder => phpBB XS 0.58 Remote File Include
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Quicksilver Forums [(v1.2.
0)+(1.2.
1)] (set[include_path
]) Remote File Inclusion Vulnerabilities

  Signkorn Guestbook <= v1.3 (dir_path) Remote File Inclusion Exploit

  [SA21822] ccHost File ID SQL Injection Vulnerability

  Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability

From:azzcoder_(at)_hotmail.com <azzcoder_(at)_hotmail.com>
Date:13.09.2006
Subject:AzzCoder => phpBB XS 0.58 Remote File Include

A important vulnerability into functions.php will allow a malicious user to insert a remote file.

The Vulnerable Code:

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

(The phpbb_root_path isn't initialize and PHPBB_IN isn't checked)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru