phpBB viewtopic.php topic_id Variable SQL Injection

2003-06-19T02:27:37
ID OSVDB:2186
Type osvdb
Reporter Rick(rikul@bellsouth.net)
Modified 2003-06-19T02:27:37

Description

Vulnerability Description

phpBB contains a flaw that allows an attacker to inject arbitrary SQL code. The "topic_id" variable in the "viewtopic.php" module is not properly validated, which allows an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to phpBB version 2.0.6, as it has been reported to fix the issue. If unable to upgrade, it is advised to enable magic_quotes_gpc in PHP or visit the vendor website for the code changes required to fix this issue.

Manual Testing Notes

http://[victim]/viewtopic.php?sid=1&topic_id='

References:

Vendor Specific Solution URL: http://www.phpbb.com/phpBB/viewtopic.php?t=112052
Vendor Specific Advisory URL
Secunia Advisory ID: 9090
Nessus Plugin ID: 11767
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0151.html
ISS X-Force ID: 12366
Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2003-06/att-0151/phpbb_sql.pl
CVE-2003-0486
Bugtraq ID: 7979