Hi, azzcoder@xxxxxxxxxxx schrieb am Mon, 18 Sep 2006 03:28:06 +0000: >Vendor: http://www.pnphpbb.com/ This leads to the download of <http://noc.postnuke.com/frs/download.php/1089/PNphpBB2_1.2i.tar.gz> It this the version where you found the vulnerable file? >Vulnerable File: includes/functions_admin.php > >Vulnerable Code: > >include_once( $phpbb_root_path . 'includes/functions.' . $phpEx ); In the includes/functions_admin.php I found in the downloaded archiv is no include_once()-call, no use of $phpbb_root_path and if I looked right no executeable code, since the script only consist of function-declarations. So in this script is no vulnerability. Where did you find the vulnerable script/programm? Regards Carsten -- Dipl.-Inform. Carsten Eilers IT-Sicherheit und Datenschutz <http://www.ceilers-it.de>
