phpbb2. 0. 1 2 full path disclosure vulnerability-a vulnerability warning-the black bar safety net

2007-03-20T00:00:00
ID MYHACK58:62200714638
Type myhack58
Reporter 佚名
Modified 2007-03-20T00:00:00

Description

phpbb is a powerful, scalable open source electronic Bulletin system. The latest version and low version are there is a path disclosure issue.

Test method:

The forum path is/viewtopic. php? p=6&highlight=\[xiaohua]

Will appear the following text:

Warning: Compilation failed: missing terminating ] for character class at offset 2 0 in /home/nst/forum/viewtopic.php(1 1 1 0) : regexp code on line 1

Problem code:

Here is the problem: \ -----[ Start Vuln Code] ------------------------------------

1 1 0 6: if ($highlight_match) 1 1 0 7: { 1 1 0 8: // This was shamelessly 'borrowed' from volker at multiartstudio dot de 1 1 0 9: // via php.net's annotated manual 1 1 1 0: $message = str_replace('\"', '"', \ substr(preg_replace('#(\>(((?& gt;([^><]+|(? R)))*)\<))#se', "preg_replace('#\b(" . \ $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . \ "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1)); 1 1 1 1: }

Workaround:

magic_quotes_gpc = On magic_quotes_sybase = Off

In php. ini and set to On