phpBB plus versions 1.53 and below allow for system information to be leaked via phpinfo.
/*
--------------------------------------------------------
Advisory - 21/03/05
by suBzero
email: kisobox [at] gmail.com
--------------------------------------------------------
Program: phpBB plus <= 1.53
Homepage: http://www.phpbb2.de
Vulnerable Versions: phpBB plus 1.53 & Lower versions
Risk: Low Risk
Impact: phpinfo details disclosure.
phpBB plus 1.53 or maybe lower version
---------------------------------------------------------
- Description
---------------------------------------------------------
phpBB plus <= 1.53 is a pre-modded phpBB by www.phpbb2.de.
phpBB plus 1.53 is an Open Source project that is developed by programmers.
- Tested
---------------------------------------------------------
I tested this bug on localhost and other forums.
For more, you can find them using http://www.google.com
- Exploit
---------------------------------------------------------
Low risk. An attacker can see system info and use it for fingerprinting before a further attack.
- Solution
--------------------------------------------------------
1) Delete the /phpinfo folder or rename it.
2) Create an .htaccess file to protect the admin folder.
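Added example, not part of the original advisory: a Python audit to run alongside step 1 that walks a web root and lists every PHP file still calling phpinfo(), so copies outside /phpinfo are found as well. The sample tree and its file names are constructed for the demo and are not the real phpBB plus layout; comment stripping is simplified and ignores string literals.

```python
import re
import tempfile
from pathlib import Path

# PHP function names are case-insensitive and may be followed by whitespace.
PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.IGNORECASE)
# Strips /* ... */ blocks and //, # line comments (simplified: ignores strings).
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)
PHP_SUFFIXES = {".php", ".php3", ".php4", ".php5", ".phtml", ".inc"}

def find_phpinfo_pages(webroot):
    """Return sorted web-relative paths of PHP files that call phpinfo()."""
    root = Path(webroot)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        source = path.read_text(encoding="utf-8", errors="replace")
        # Ignore calls that only appear inside comments.
        if PHPINFO_CALL.search(COMMENTS.sub("", source)):
            hits.append("/" + path.relative_to(root).as_posix())
    return sorted(hits)

def build_sample_webroot(base):
    """Constructed sample tree for the demo (hypothetical file names)."""
    files = {
        "phpinfo/index.php": "<?php phpinfo(); ?>",
        "admin/diag.php": "<?php\nif ($debug) { PHPInfo (INFO_ALL); }\n",
        "includes/functions.php": "<?php // phpinfo() removed\n/* phpinfo(); */\necho 'ok';\n",
        "docs/readme.txt": "call phpinfo() to debug",
    }
    for rel, body in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")
    return base

def demo():
    """Build the sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_phpinfo_pages(build_sample_webroot(tmp))

if __name__ == "__main__":
    for page in demo():
        print("exposes phpinfo():", page)
```

Renaming the folder, the alternative given in step 1, leaves the page reachable by anyone who learns the new name; a file this audit reports should be deleted or placed behind access control.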
- Greets -
---------------------------------------------------------
everyone out there.
--