phpBB Auction Module Vulnerable To File Inclusion Exploit

    Date: 05/03/06 (Java Web)    Keywords: php

    Input passed to the "phpbb_root_path" parameter in "auction/auction_common.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources. The vulnerability, discovered by VietMafia, has been confirmed in version 1.3m. Other versions may also be affected. Protection / Solution 1. Disable "register_globals" 2. Edit the source [...]

    Source: http://blog.taragana.com/index.php/archive/phpbb-auction-module-vulnerable-to-file-inclusion-exploit/

« Banking Sites (like... || Top 10 Java Features (or... »


antivirus | apache | asp | blogging | browser | bugtracking | cms | crm | css | database | ebay | ecommerce | google | hosting | html | java | jsp | linux | microsoft | mysql | offshore | offshoring | oscommerce | php | postgresql | programming | rss | security | seo | shopping | software | spam | spyware | sql | technology | templates | tracker | virus | web | xml | yahoo | home