Another flaw has made the phpBB developers release a new version of phpBB (2.0.15). You can read the explanation of this flaw; check it out. The good thing is that the exploit wasn't released before it was reported to the developers.
Some comments about this: I think it has a connection with BBCode, because the unsanitized "$text" was in bbcode.php. The question is, what kind of attack is possible through this hole? Maybe RFI? Or just path disclosure (no oh :P)? My friends from waraxe guess it must have a connection with [img][/img]??
My question is: how about disabling BBCode?