Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AzzCoder => PNphpBB (Latest) Remote File Include

From: str0ke <str0ke () milw0rm com>
Date: Thu, 21 Sep 2006 11:16:20 -0500
Carsten,

The vulnerability is in version 1.2g and below.

Source code :
http://prdownloads.sourceforge.net/pnphpbb2/

Vulnerability:
<?php
/***************************************************************************
*                            functions_admin.php
*                            -------------------
*   begin                : Saturday, Feb 13, 2001
*   copyright            : (C) 2001 The phpBB Group
*   email                : support () phpbb com
*
*   $Id: functions_admin.php,v 1.2 2004/08/29 21:59:05 carls Exp $
*
*
***************************************************************************/

/***************************************************************************
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
*
***************************************************************************/
// Begin PNphpBB2 Categories Hierarchie Mod
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

Best Regards,
/str0ke
Previous By Date Next
Previous By Thread Next

Current thread: