<<< Date Index >>>     <<< Thread Index >>>

Re: AzzCoder => PNphpBB (Latest) Remote File Include



Carsten,

The vulnerability is in version 1.2g and below.

Source code :
http://prdownloads.sourceforge.net/pnphpbb2/

Vulnerability:
<?php
/***************************************************************************
*                            functions_admin.php
*                            -------------------
*   begin                : Saturday, Feb 13, 2001
*   copyright            : (C) 2001 The phpBB Group
*   email                : support@xxxxxxxxx
*
*   $Id: functions_admin.php,v 1.2 2004/08/29 21:59:05 carls Exp $
*
*
***************************************************************************/

/***************************************************************************
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
*
***************************************************************************/
// Begin PNphpBB2 Categories Hierarchie Mod
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

Best Regards,
/str0ke