mailing list archives
phpBBmod contains an open phpinfo
From: "Roland Verlander" <rolyv () bigpond com>
Date: Thu, 10 Oct 2002 18:19:04 +1000
phpBBmod (http://phpbbmod.sourceforge.net), an enhanced version of phpBB
contains an open phpinfo.php file.
Going to phpinfo.php on any board using phpBBmod (googling for "Boosted by
phpBBmod" is around ~48,000 results, i tried a few from google search and
they all had a phpinfo.php file)
Solution: Remove phpinfo.php
Exploit: Go to phpinfo.php on any board using phpBBmod
Versions vulnerable: 1.3.3, older ones are proberably vulnerable too
phpinfo discloses lots of info about the server that its running on so this
is an issue that should be fixed.
I have CCed Dwainehead, the main phpBBmod 1.x developer
- phpBBmod contains an open phpinfo Roland Verlander (Oct 10)