phpBB lang_faq.php faq Variable Path Disclosure

2004-07-13T09:15:10
ID OSVDB:7944
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-07-13T09:15:10

Description

Vulnerability Description

phpBB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides an invalid argument to the faq variable in the language\lang_english\lang_faq.php script occurs, which will disclose the physical path of the installation resulting in a loss of confidentiality.

Technical Description

"register_globals" must be enabled on the server for this to be exploited.

Solution Description

Upgrade to version 2.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpBB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides an invalid argument to the faq variable in the language\lang_english\lang_faq.php script occurs, which will disclose the physical path of the installation resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/phpbb208/faq.php?faq=waraxe

References:

Vendor URL: http://www.phpbb.com/ Vendor Specific Advisory URL Secunia Advisory ID:12055 Related OSVDB ID: 7810 Related OSVDB ID: 7946 Related OSVDB ID: 7811 Related OSVDB ID: 7809 Related OSVDB ID: 7812 Related OSVDB ID: 7813 Related OSVDB ID: 7815 Related OSVDB ID: 7814 Related OSVDB ID: 7808 Related OSVDB ID: 7945 Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=34 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0170.html ISS X-Force ID: 16720 CVE-2004-0729