phpBBmod (http://phpbbmod.sourceforge.net), an enhanced version of phpBB contains an open phpinfo.php file. Going to phpinfo.php on any board using phpBBmod (googling for "Boosted by phpBBmod" is around ~48,000 results, i tried a few from google search and they all had a phpinfo.php file) Solution: Remove phpinfo.php Exploit: Go to phpinfo.php on any board using phpBBmod Example: http://phpbbmod.sourceforge.net/phpBB/phpinfo.php Versions vulnerable: 1.3.3, older ones are proberably vulnerable too phpinfo discloses lots of info about the server that its running on so this is an issue that should be fixed. I have CCed Dwainehead, the main phpBBmod 1.x developer
