Re: AzzCoder => PNphpBB (Latest) Remote File Include

To: "Carsten Eilers" <ceilers-lists@xxxxxx>
Subject: Re: AzzCoder => PNphpBB (Latest) Remote File Include
From: str0ke <str0ke@xxxxxxxxxxx>
Date: Thu, 21 Sep 2006 11:16:20 -0500
Cc: azzcoder@xxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=gGLBoW7n8dioEQdnnrvDjLuxmriDNDJa6nr6KAPCwVPo1G9s6BaaYX2salknrw6RoaqJMhJcocI+rXmAfinnSCXDfSeKDA96Uywo6lhnt0SjuOwsvartwUxVJwR0IHnj26Hko8jRQVnLSFvobaUULNmMMHAck7Nbr79T3F8gHpM=
In-reply-to: <20060920211237.5788@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060918032806.9607.qmail@xxxxxxxxxxxxxxxxx> <20060920211237.5788@xxxxxxxxxxx>
Sender: milw0rm@xxxxxxxxx

Carsten,

The vulnerability is in version 1.2g and below.

Source code :
http://prdownloads.sourceforge.net/pnphpbb2/

Vulnerability:
<?php
/***************************************************************************
*                            functions_admin.php
*                            -------------------
*   begin                : Saturday, Feb 13, 2001
*   copyright            : (C) 2001 The phpBB Group
*   email                : support@xxxxxxxxx
*
*   $Id: functions_admin.php,v 1.2 2004/08/29 21:59:05 carls Exp $
*
*
***************************************************************************/

/***************************************************************************
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
*
***************************************************************************/
// Begin PNphpBB2 Categories Hierarchie Mod
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

Best Regards,
/str0ke

Follow-Ups:
- Re: AzzCoder => PNphpBB (Latest) Remote File Include
  - From: Carsten Eilers

References:
- AzzCoder => PNphpBB (Latest) Remote File Include
  - From: azzcoder
- Re: AzzCoder => PNphpBB (Latest) Remote File Include
  - From: Carsten Eilers

Prev by Date: Re: AzzCoder => PNphpBB (Latest) Remote File Include
Next by Date: [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities
Previous by thread: Re: AzzCoder => PNphpBB (Latest) Remote File Include
Next by thread: Re: AzzCoder => PNphpBB (Latest) Remote File Include
Index(es):
- Date
- Thread