Bugtraq mailing list archives

Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability


From: "Steven M. Christey" <coley () mitre org>
Date: Wed, 6 Sep 2006 19:19:13 -0400 (EDT)


This vulnerability is not that dangerous because, firstly, if you want
to exploit it, you must have exact file tree and correct name of the
malicious script because that variable is never used alone but always
in concatenation with script name and generic extension

In a typical PHP exploit scenario, the attacker could merely add a
null byte ("%00") to the phpbb_root_path parameter, which would then
cause the include call to ignore this extra file tree/name
information.  Is there some reason why a null byte wouldn't work in
this situation?

- Steve
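
The point raised in this message, shown from the defending side as an added example (not part of the original post and not ZoneX code): a script name and extension appended to a request-supplied prefix do not constrain the include, so the prefix itself has to be validated. `safe_include_path()`, `$allowedRoot`, the temporary directory and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: confine a request-supplied include prefix to one directory.
// safe_include_path() and $allowedRoot are hypothetical names.
function safe_include_path(string $prefix, string $script, string $allowedRoot): ?string
{
    // A NUL byte ends the C string the filesystem layer sees, so any
    // suffix appended after it never becomes part of the opened path.
    if (strpos($prefix, "\0") !== false) {
        return null;
    }
    // Reject stream wrappers and remote URLs (http://, ftp://, php://, data:).
    if (preg_match('#^(?:[a-z][a-z0-9+.\-]*://|data:)#i', $prefix)) {
        return null;
    }
    // Resolve symlinks and "../", then require the result to sit under the root.
    $root = realpath($allowedRoot);
    $full = realpath($prefix . $script);
    if ($root === false || $full === false) {
        return null;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $root, strlen($root)) === 0 ? $full : null;
}

// Constructed fixture: a throwaway tree holding one includable script.
$root = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir($root . '/includes', 0700, true);
file_put_contents($root . '/includes/common.php', "<?php\n");

// Constructed sample values for the prefix parameter.
$samples = [
    $root . '/',                      // expected local prefix
    "http://host.example/a.txt\0",    // remote URL ending in a NUL byte
    $root . '/../',                   // traversal out of the allowed root
];
foreach ($samples as $prefix) {
    $path = safe_include_path($prefix, 'includes/common.php', $root);
    printf("%-9s %s\n", $path === null ? 'rejected' : 'accepted',
        addcslashes($prefix, "\0"));
}

// Remove the fixture.
unlink($root . '/includes/common.php');
rmdir($root . '/includes');
rmdir($root);
```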

