[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PhpBB <= 2.0.20 Admin/Restore Database remote cmmnds xctn (works with admin sid)
From: rgod@xxxxxxxxxxxxx
Date: 13 May 2006 12:10:41 -0000

an admin or whoever succeed to find admin sid is able to launch commands, 
advisory/poc exploit:

http://retrogod.altervista.org/phpbb_2020_admin_xpl.html

Prev by Date: Re: How secure is software X?
Next by Date: Re: Firefox 1.5.0.3 - DoS
Previous by thread: SQL-Injection in e107 allows attacker to become a site admininstrator
Next by thread: [SECURITY] [DSA 1057-1] New phpLDAPadmin packages fix cross-site scripting
Index(es):
- Date
- Thread