Bugtraq mailing list archives
Re: AzzCoder => PNphpBB (Latest) Remote File Include
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Wed, 20 Sep 2006 23:12:37 +0200
Hi,

azzcoder () hotmail com wrote on Mon, 18 Sep 2006 03:28:06 +0000:

> Vendor: http://www.pnphpbb.com/

This leads to the download of
<http://noc.postnuke.com/frs/download.php/1089/PNphpBB2_1.2i.tar.gz>
Is this the version where you found the vulnerable file?

> Vulnerable File: includes/functions_admin.php
> Vulnerable Code: include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

In the includes/functions_admin.php I found in the downloaded archive there is no include_once() call, no use of $phpbb_root_path and, if I looked right, no executable code, since the script only consists of function declarations. So there is no vulnerability in this script. Where did you find the vulnerable script/program?

Regards
Carsten

-- 
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
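An added example, not part of the original thread or of PNphpBB: a heuristic Python check for the condition the reply reasons about, namely whether a PHP file contains an include/require with a variable path outside any function body. The function name and both sample files are constructed for illustration.

```python
import re

# Comments and quoted strings, blanked first so braces and keywords in them are ignored.
_NOISE = re.compile(
    r"/\*.*?\*/|//[^\n]*|#[^\n]*|'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"", re.S)
# Braces, the `function` keyword, and whole include/require statements.
_TOKEN = re.compile(
    r"[{}]|(?<![$\w])function\b"
    r"|(?<![$\w])(?:include|require)(?:_once)?\b[^;{}]*;", re.I)

def _blank(match):
    # Same length, newlines kept: offsets and line numbers still map to the source.
    return re.sub(r"[^\n]", " ", match.group(0))

def top_level_variable_includes(src):
    """Return [(line, statement)] for include/require statements that lie
    outside every function body and build their path from a variable."""
    cleaned = _NOISE.sub(_blank, src)
    findings, depth, fn_depth, pending = [], 0, None, False
    for m in _TOKEN.finditer(cleaned):
        tok = m.group(0)
        if tok == "{":
            depth += 1
            if pending and fn_depth is None:
                fn_depth = depth          # this brace opens a function body
            pending = False
        elif tok == "}":
            if fn_depth == depth:
                fn_depth = None           # function body closed
            depth -= 1
        elif tok.lower() == "function":
            pending = True
        else:
            stmt = src[m.start():m.end()]  # original text, strings intact
            if fn_depth is None and "$" in stmt:
                line = cleaned.count("\n", 0, m.start()) + 1
                findings.append((line, " ".join(stmt.split())))
    return findings

# Constructed samples, not files from the PNphpBB2 archive.
FUNCTIONS_ONLY = """<?php
function example_helper($mode)
{
    include($phpbb_root_path . 'includes/example.' . $phpEx);
    return '{';
}
"""
AS_REPORTED = """<?php
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );
function example_helper($mode) { return $mode; }
"""
```

An empty result corresponds to the "only function declarations" case described in the reply; a non-empty result lists the lines that would execute when the file is requested directly.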