Security Advisory - phpBB 2.0.15 PHP-code injection bug

Security Advisory -//- phpBB 2.0.15 PHP-code injection bug Program: phpBB 2.0.15 and older versions Homepage: http://www.phpbb.com Risk: Very High Date: June 28 2005 Title: PHP-code injection bug Type: partial disclosure Author: Ron van Daal :. Vendor notified: June 23 2005 Background: phpBB is a...

phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution

The remote host is running a version of phpBB that allows attackers to inject arbitrary PHP code to the 'viewtopic.php' script to be executed subject to the privileges of the web server userid. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

phpBB 2.0.15 (highlight) Remote PHP Code Execution

No description provided by source. tested and working /str0ke !/usr/bin/pyth0n this exploit for phpBB 2.0.15 print "\nphpBB 2.0.15 arbitrary command execution eXploit" emulates a shell, print " 2005 by [email protected]" rather than print " well, just because there is none." sending a singl...

phpBB 2.0.15 - &#039;highlight&#039; PHP Remote Code Execution

tested and working /str0ke !/usr/bin/pyth0n this exploit for phpBB 2.0.15 print "\nphpBB 2.0.15 arbitrary command execution eXploit" emulates a shell, print " 2005 by [email protected]" rather than print " well, just because there is none." sending a single command. import sys from urllib2...

phpBB 2.0.15 - highlight PHP Remote Code Execution

phpBB 2.0.15 - highlight PHP Remote Code Execution tested and working /str0ke !/usr/bin/pyth0n this exploit for phpBB 2.0.15 print "\nphpBB 2.0.15 arbitrary command execution eXploit" emulates a shell, print " 2005 by [email protected]" rather than print " well, just because there is none."...

phpBB < 2.0.16 viewtopic.php Arbitrary Code Execution

Binary data 3038.prm...

CVE-2002-1894

CVE-2002-1894 describes a Cross-site scripting (XSS) vulnerability in phpBB 2.0.3, where the highlight parameter in viewtopic.php can be exploited to inject arbitrary script/HTML. Affected component: phpBB 2.0.3, file viewtopic.php. Root cause: insufficient input handling allowing script/HTML inj...

CVE-2002-1894

Cross-site scripting XSS vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

phpbb -- remote PHP code execution vulnerability

FrSIRT Advisory reports: A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the...

phpBB 2.0.16 released

Hi everyone, phpBB Group announces the release of phpBB 2.0.16. This release addresses some bugfixes and one critical security issue. To fix this, please apply the following change: In viewtopic.php Find: $message = strreplace'"', '"', substr@pregreplace'?^+|?Rse', "@pregreplace'b" . strreplace''...

[EXPL] phpBB Multiple User Registeration DoS &#40;Exploit&#41;

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

NsT-phpBBDoS.pl.txt

!/usr/bin/perl Name: NsT-phpBBDoS Perl Version Copyright: Neo Security Team Author: HaCkZaTaN Ported: g30rg3x Date: 20/06/05 Description: NsT-phpBB DoS By HackZatan Ported tu perl By g30rg3x A Simple phpBB Registration And Search DoS Flooder. g30rg3x@neosecurity:/home/g30rg3x perl NsT-phpBBDoS.pl...

phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)

phpBB 2.0.15 - Register Multiple Users Denial of Service Perl !/usr/bin/perl Name: NsT-phpBBDoS Perl Version Copyright: Neo Security Team Author: HaCkZaTaN Ported: g30rg3x Date: 20/06/05 Description: NsT-phpBB DoS By HackZatan Ported tu perl By g30rg3x A Simple phpBB Registration And Search DoS...

phpBB 2.0.15 - Register Multiple Users (Denial of Service)

!/usr/bin/perl Name: NsT-phpBBDoS Perl Version Copyright: Neo Security Team Author: HaCkZaTaN Ported: g30rg3x Date: 20/06/05 Description: NsT-phpBB DoS By HackZatan Ported tu perl By g30rg3x A Simple phpBB Registration And Search DoS Flooder. g30rg3x@neosecurity:/home/g30rg3x perl NsT-phpBBDoS.pl...

phpBB &lt;= 2.0.15 Register Multiple Users Denial of Service (c code)

No description provided by source. / -------------------------------------------------------- Neo Security Team NST® - Advisory 15 - 00/00/06 -------------------------------------------------------- Program: phpBB 2.0.15 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.15 & Lower...

phpBB <= 2.0.15 Register Multiple Users Denial of Service (perl code)

Exploit for unknown platform in category dos / poc ===================================================================== phpBB = 2.0.15 Register Multiple Users Denial of Service perl code ===================================================================== !/usr/bin/perl Name: NsT-phpBBDoS Perl...

phpBB <= 2.0.15 Register Multiple Users Denial of Service (perl code)

Exploit for unknown platform in category web applications ===================================================================== phpBB = 2.0.15 Register Multiple Users Denial of Service perl code ===================================================================== !/usr/bin/perl Name: NsT-phpBBDo...

phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)

phpBB 2.0.15 - Register Multiple Users Denial of Service C / -------------------------------------------------------- Neo Security Team NST® - Advisory 15 - 00/00/06 -------------------------------------------------------- Program: phpBB 2.0.15 Homepage: http://www.phpbb.com Vulnerable Versions:...

phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code)

Exploit for unknown platform in category web applications ================================================================== phpBB = 2.0.15 Register Multiple Users Denial of Service c code ================================================================== /...

phpBB 2.0.15 - Register Multiple Users (Denial of Service)

/ -------------------------------------------------------- Neo Security Team NST® - Advisory 15 - 00/00/06 -------------------------------------------------------- Program: phpBB 2.0.15 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.15 & Lower versions Risk: High Risk!! Impact:...