Results 1 to 2 of 2

Thread: phpBB exploit?

  1. #1
    Junior Member
    Join Date
    Aug 2003

    phpBB exploit?

    I saw, a few days ago, a nasty little phpBB exploit in bugtraq. I'm a admin of a rather big forum and wanted to make sure that my site wasn't vurnable to the bug. So I downloaded and compiled the program (modified it a little bit... some "newlines" shouldn't be there...).

    But when I'm using it, I'll get

    Failed opening ' ./../templates/../../test_file.txt\0/theme_info.cfg' for inclusion (inclue_path='.:/usr/share/pear') in /*websiteroot*/forum/admin/admin_styles.php

    The text_file is in *websiteroot*. Am I not vurnable to the bug or am I just running the bug "wrongly"?

    ps. the "\0" thing... is it for terminating the include string before "/theme_info.cfg"?

    Edit: The link to the exploit is: http://www.securityfocus.com/bid/7932

    Edit2: I used the following inputs:

    Server: *my server ip*
    Forum location: forum
    Directories to escape: 2
    File to get/execute: /test_file.txt

  2. #2
    Senior Member
    Join Date
    Feb 2003
    I would say then your phpBB is not vulnerable.

    Going back a bit in my php memory, and reading the bug discription. The whole idea would be for the atacker to make this change to your include path, so that /test_file.txt would be executed, or /backdoor.exe. And that the \0 is part of the exploit which alows the file to be inserted as it was, and for the include file to still be included.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts