phpBB2 remote execution command

[nullbyte <nullbyte () inetd-secure net>]

phpBB2 is vulnerable to remote execution command

All *nix running phpBB2 versoion 2.0.

Bug could be found at "phpBB2 root path" which is allowed remote attacker
to execute any command remotely.
The vulnerability of this attack start with
'/phpBB2/includes/db.php?phpbb_root_path=' but some backdoor server
are needed to launch the attack.

I did not look further into this bug.
It is tested on most *nix systems running phpBB2 version 2.0. Probably all
versions.

Bug was found by pokley and nullbyte

nullbyte
nullbyte () inetd-secure net

Attachment: phpBB2.tar.gz
Description: