Home page logo
/

bugtraq logo Bugtraq mailing list archives

phpBBmod contains an open phpinfo
From: "Roland Verlander" <rolyv () bigpond com>
Date: Thu, 10 Oct 2002 18:19:04 +1000

phpBBmod (http://phpbbmod.sourceforge.net), an enhanced version of phpBB
contains an open phpinfo.php file.

Going to phpinfo.php on any board using phpBBmod (googling for "Boosted by
phpBBmod" is around ~48,000 results, i tried a few from google search and
they all had a phpinfo.php file)

Solution: Remove phpinfo.php
Exploit: Go to phpinfo.php on any board using phpBBmod
Example: http://phpbbmod.sourceforge.net/phpBB/phpinfo.php
Versions vulnerable: 1.3.3, older ones are proberably vulnerable too

phpinfo discloses lots of info about the server that its running on so this
is an issue that should be fixed.

I have CCed Dwainehead, the main phpBBmod 1.x developer



  By Date           By Thread  

Current thread:
  • phpBBmod contains an open phpinfo Roland Verlander (Oct 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault