--- nullbyte <nullbyte@inetd-secure.net> wrote: > phpBB2 is vulnerable to remote execution command > > All *nix running phpBB2 versoion 2.0. > > Bug could be found at "phpBB2 root path" which is allowed remote > attacker > to execute any command remotely. > The vulnerability of this attack start with > '/phpBB2/includes/db.php?phpbb_root_path=' but some backdoor server > are needed to launch the attack. > > I did not look further into this bug. > It is tested on most *nix systems running phpBB2 version 2.0. > Probably all > versions. > > Bug was found by pokley and nullbyte > > nullbyte > nullbyte@inetd-secure.net > This bug only affects non-CVS versions. There is a fix available. For details see: http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9105 --------------------------------------------------------------------- Jose Romeo Vela jrvela@aristasol.com http://www.aristasol.com/
