PhpBB admin_words.php Multiple Vulnerabilities

Bugtraq ID:	9896
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 16 2004 12:00AM
Updated:	Mar 16 2004 12:00AM
Credit:	Discovery is credited to Janek Vind <[email protected]>.
Vulnerable:	phpBB Group phpBB 2.0.6 c
Not Vulnerable:	phpBB Group phpBB 2.0.8

PhpBB admin_words.php Multiple Vulnerabilities

It has been reported that PhpBB may be prone to multiple vulnerabilities that may allow an attacker to carry out SQL injection and cross-site scripting attacks. These issues are reported to affect the 'id' parameter of 'admin_words.php' module. The SQL injection attack requires administrator level access.

PhpBB version 2.0.6c has been reported to be affected by these issues, however, it is possible that other versions are affected as well.

PhpBB admin_words.php Multiple Vulnerabilities

No exploit is required.

The following proof of concept has been provided:
http://www.example.com/phpbb206c/admin/admin_words.php?mode=edit&id=-1%20UNION%20ALL%20SELECT%20null/*
http://www.example.com/phpbb206c/admin/admin_words.php?mode=edit&id=1/*">&lt;script&gt;alert(document.cookie);</script

PhpBB admin_words.php Multiple Vulnerabilities

Solution:
The vendor has released an upgrade dealing with this issue.


phpBB Group phpBB 2.0.6 c

• phpBB Group phpBB-2.0.8.zip
  http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.8.zip?download

PhpBB admin_words.php Multiple Vulnerabilities

References:

• phpBB Homepage (phpBB)