I saw, a few days ago, a nasty little phpBB exploit in bugtraq. I'm a admin of a rather big forum and wanted to make sure that my site wasn't vurnable to the bug. So I downloaded and compiled the program (modified it a little bit... some "newlines" shouldn't be there...).

But when I'm using it, I'll get

...
Failed opening ' ./../templates/../../test_file.txt\0/theme_info.cfg' for inclusion (inclue_path='.:/usr/share/pear') in /*websiteroot*/forum/admin/admin_styles.php
...

The text_file is in *websiteroot*. Am I not vurnable to the bug or am I just running the bug "wrongly"?

ps. the "\0" thing... is it for terminating the include string before "/theme_info.cfg"?


Edit: The link to the exploit is: http://www.securityfocus.com/bid/7932

Edit2: I used the following inputs:

Server: *my server ip*
Forum location: forum
Directories to escape: 2
File to get/execute: /test_file.txt