|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jose Romeo Vela (jrvela
aristasol.com)Date: Mon Mar 18 2002 - 19:17:42 CST
--- nullbyte <nullbyteinetd-secure.net> wrote:
> phpBB2 is vulnerable to remote execution command
>
> All *nix running phpBB2 versoion 2.0.
>
> Bug could be found at "phpBB2 root path" which is allowed remote
> attacker
> to execute any command remotely.
> The vulnerability of this attack start with
> '/phpBB2/includes/db.php?phpbb_root_path=' but some backdoor server
> are needed to launch the attack.
>
> I did not look further into this bug.
> It is tested on most *nix systems running phpBB2 version 2.0.
> Probably all
> versions.
>
> Bug was found by pokley and nullbyte
>
> nullbyte
> nullbyteinetd-secure.net
>
This bug only affects non-CVS versions. There is a fix available. For
details see:
http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9105
---------------------------------------------------------------------
Jose Romeo Vela
jrvelaaristasol.com
http://www.aristasol.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]