phpBB viewtopic.php highlight Parameter SQL Injection

2004-11-12T10:03:40
ID OSVDB:11719
Type osvdb
Reporter Jessica Soules(admin@howdark.com)
Modified 2004-11-12T10:03:40

Description

Vulnerability Description

phpBB contains a flaw that allows a remote attacker to inject arbitrary SQL code. The 'highlight' parameter of the 'viewtopic.php' script is not properly validated before it is used in a database query, so an attacker can inject or manipulate SQL queries.

Solution Description

Upgrade to version 2.0.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
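The flaw class described above is a request parameter reaching a SQL query without validation. The following is an added illustration of the defensive pattern, not phpBB's own code: the hypothetical function names, the `posts_text` table with its `topic_id` and `post_text` columns, and the PDO connection `$pdo` are all assumptions made for the example. The highlight value is reduced to plain search words first, and every user-derived value is then passed to the database as a bound parameter instead of being concatenated into the SQL string.

```php
<?php
// Added example (not phpBB's code). Assumes a PDO connection $pdo and a
// hypothetical table `posts_text` with columns post_id, topic_id, post_text.

/**
 * Reduce the raw highlight parameter to a short list of plain search words.
 * Anything that is not a letter, digit or underscore is dropped, so the value
 * can never carry quotes, comment markers or operators into a query.
 */
function parse_highlight_words(string $raw, int $max_words = 10, int $max_len = 40): array
{
    $words = [];
    foreach (preg_split('/\s+/', trim($raw)) as $word) {
        $clean = preg_replace('/[^\p{L}\p{N}_]/u', '', $word);
        if ($clean !== '' && mb_strlen($clean) <= $max_len) {
            $words[] = $clean;
        }
        if (count($words) >= $max_words) {
            break;
        }
    }
    return array_values(array_unique($words));
}

/**
 * Fetch the posts of a topic that mention one of the highlight words.
 * The topic id and each word are bound parameters; the SQL text itself
 * contains nothing that came from the request.
 */
function fetch_highlighted_posts(PDO $pdo, int $topic_id, array $words): array
{
    $sql    = 'SELECT post_id, post_text FROM posts_text WHERE topic_id = :topic_id';
    $params = [':topic_id' => $topic_id];

    if ($words !== []) {
        $clauses = [];
        foreach ($words as $i => $word) {
            $clauses[] = "post_text LIKE :w$i";
            // Escape LIKE metacharacters so a word is matched literally.
            $params[":w$i"] = '%' . addcslashes($word, '%_\\') . '%';
        }
        $sql .= ' AND (' . implode(' OR ', $clauses) . ')';
    }

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage: the topic id is cast to int and the highlight value is reduced to
// plain words before either value reaches the database layer.
$topic_id = (int) ($_GET['t'] ?? 0);
$words    = parse_highlight_words((string) ($_GET['highlight'] ?? ''));
// $posts = fetch_highlighted_posts($pdo, $topic_id, $words);
```

The two layers are deliberate: the whitelist on the parameter keeps the value within what the feature actually needs (words to highlight), and the prepared statement guarantees that whatever survives the whitelist is treated as data, not as SQL. Either one alone would have prevented the injection; together they also limit damage if one is later bypassed or removed.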

Short Description

phpBB contains a flaw that allows a remote attacker to inject arbitrary SQL code. The 'highlight' parameter of the 'viewtopic.php' script is not properly validated before it is used in a database query, so an attacker can inject or manipulate SQL queries.

References:

Vendor URL: http://www.phpbb.com
Vendor Specific Solution URL: http://www.phpbb.com/phpBB/viewtopic.php?t=240513
US-CERT Cyber Security Alert: TA04-356A
Security Tracker: 1012647
Secunia Advisory ID: 13239
Other Advisory URL: http://securityresponse.symantec.com/avcenter/venc/data/perl.santy.html
Other Advisory URL: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=130471
Other Advisory URL: http://www.howdark.com/index.php?o=phpbb_v2010_highlightinjection.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0231.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0368.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0241.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0252.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0179.html
Keyword: Santy worm
ISS X-Force ID: 18052
Generic Informational URL: http://www.f-secure.com/v-descs/santy_a.shtml
Generic Exploit URL: http://www.securitylab.ru/_Article_Images/2004/11/phpbb.php.txt
CVE ID: CVE-2004-1315
CERT VU: 497400