PHP NUKE All version Remote File Inc.

Yeah,its so weird. vulnerable code in pagestart.php at line 68.

http://victim/modules/Forums/admin/admin_styles.php?phpbb_root_path=2

Warning: main(2common.php): failed to open stream: No such file or directory in C:InetpubvhostsvictimhttpdocsmodulesForumsadminpagestart.php on line 68

Just edited victim for security purposes.

in pagestart.php at lines 67-68:

...

include("../../../mainfile.php");

include($phpbb_root_path.'common.'.$phpEx);

...

So it includes mainfile.php and i think this is making vulnerability.

in mainfile.php at lines 54-56

...

if (!ini_get("register_globals")) {

import_request_variables('GPC');

}

...

I tried it on some servers.It didnt work but for some worked, and all this servers has register_globals off and magic_quotes_gpc on.

This is so weird problem..

Regards,

Mustafa Can Bjorn IPEKCI (nukedx a.k.a nuker)