phpBB
Archived Posts from this Category
TITLE:
phpBB phpbb-openid Module “openid_root_path” File Inclusion
SECUNIA ADVISORY ID:
SA27001
VERIFY ADVISORY:
http://secunia.com/advisories/27001/
CRITICAL:
Highly critical
IMPACT:
Exposure of system information, Exposure of sensitive information,
System access
WHERE:
From remote
SOFTWARE:
phpbb-openid (module for phpBB) 0.x http://secunia.com/product/15904/
DESCRIPTION:
xoron has reported a vulnerability in the phpbb-openid module for phpBB,
which can be exploited by malicious people to disclose sensitive
information or to compromise a vulnerable system.
Input passed to the “openid_root_path” parameter in
includes/openid/Auth/OpenID/BBStore.php is not properly verified before
being used to include files. This can be exploited to include arbitrary
files from local or external resources.
Successful exploitation requires that “register_globals” is enabled.
The vulnerability is reported in version 0.2.0 and all previous
versions. Other versions may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY:
xoron
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/4471
Wednesday 03 Oct 2007 | Guardian | phpBB
TITLE:
phpBB SupaNav Module “phpbb_root_path” File Inclusion
SECUNIA ADVISORY ID:
SA26127
VERIFY ADVISORY:
http://secunia.com/advisories/26127/
CRITICAL:
Highly critical
IMPACT:
Exposure of system information, Exposure of sensitive information,
System access
WHERE:
From remote
SOFTWARE:
SupaNav 1.x (module for phpBB) http://secunia.com/product/14825/
DESCRIPTION:
bd0rk has discovered a vulnerability in the SupaNav module for phpBB,
which can be exploited by malicious people to disclose sensitive
information or to compromise a vulnerable system.
Input passed to the “phpbb_root_path” parameter in link_main.php is not
properly verified before being used to include files. This can be
exploited to include arbitrary files from local or external resources.
Successful exploitation requires that “register_globals” is enabled.
The vulnerability is confirmed in version 1.0.0. Other versions may also
be affected.
SOLUTION:
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY:
bd0rk
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/4197
Saturday 21 Jul 2007 | Guardian | phpBB
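Added example (not code from either module or from the advisories): a small Python audit for the pattern both advisories above describe, an include/require path built on a *_root_path variable that the file itself never sets or guards, so that "register_globals" lets a request supply it. The PHP samples are constructed, and treating a defined('IN_PHPBB') check as the entry guard is an assumption about the code base being audited.

```python
import re

# include/require whose path begins with a *_root_path variable
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\b[\s(]*\$(\w*root_path)\b", re.I)
# plain assignment to such a variable; group 2 is the right-hand side
ASSIGN_RE = re.compile(r"\$(\w*root_path)\s*=(?!=)\s*(.*)")
# phpBB-style entry guard (assumed mitigation convention)
GUARD_RE = re.compile(r"defined\s*\(\s*['\"]IN_PHPBB['\"]\s*\)")
# request superglobals: assigning from these does not make the path trusted
TAINT_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")

def audit_php(source):
    """Return [(line_no, variable)] for includes built on a root-path variable
    that the file has neither guarded nor set from a trusted value."""
    findings, trusted, guarded = [], set(), False
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # skip whole-line comments
        if GUARD_RE.search(line):
            guarded = True  # only protects includes that come after it
        assign = ASSIGN_RE.search(line)
        if assign:
            name, rhs = assign.groups()
            if TAINT_RE.search(rhs):
                trusted.discard(name)
            else:
                trusted.add(name)
        inc = INCLUDE_RE.search(line)
        if inc and not guarded and inc.group(1) not in trusted:
            findings.append((no, inc.group(1)))
    return findings

# Constructed PHP samples (not taken from either module)
SAMPLES = {
    "unset.php": "<?php\nrequire_once($openid_root_path . 'lib/store.php');\n",
    "guarded.php": "<?php\nif (!defined('IN_PHPBB')) { exit; }\n"
                   "include($phpbb_root_path . 'lib/nav.php');\n",
    "assigned.php": "<?php\n$phpbb_root_path = './';\n"
                    "include($phpbb_root_path . 'lib/nav.php');\n",
    "tainted.php": "<?php\n$phpbb_root_path = $_GET['phpbb_root_path'];\n"
                   "include($phpbb_root_path . 'lib/nav.php');\n",
}

def audit_all(files):
    return {name: audit_php(src) for name, src in files.items()}

if __name__ == "__main__":
    for name, hits in audit_all(SAMPLES).items():
        print(name, hits or "ok")
```

The check is line-based and per-file, so a finding means "review this include", not proof of exposure; a variable set by a parent script that is the only entry point would still be reported.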