Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7993
HistoryMar 05, 2005 - 12:00 a.m.

-==phpBB 2.0.13 Full path disclosure==-

2005-03-0500:00:00
vulners.com
13

/*

[N]eo [S]ecurity [T]eam [NST]® - Advisory #09 - 03/03/05

Program: phpBB 2.0.13
Homepage: http://www.phpbb.com
Vulnerable Versions: phpBB 2.0.13 & Lower versions
Risk: Low Risk!!
Impact: Full path disclosure

     -==phpBB 2.0.13 Full path disclosure==-

  • Description

phpBB is a high powered, fully scalable, and highly customizable
Open Source bulletin board package. phpBB has a user-friendly
interface, simple and straightforward administration panel, and
helpful FAQ. Based on the powerful PHP server language and your
choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers,
phpBB is the ideal free community solution for all web sites.

  • Tested

localhost & many forums

  • Explotation

phpBB/db/oracle.php

Fatal error: Cannot redeclare sql_nextid() in /home/weblord/phpBB/db/oracle.php on line 405

I know is stupid!!!
Line 405
function sql_nextid($query_id = 0)
{
if(!$query_id)
{
$query_id = $this->query_result;
}
-==foobar==-

oK if i am not right i think i quick patch it'll be erasing lines 405 to 438
because is repeating the same function twice as the fatal error says "Cannot redeclare sql_nextid()"
function sql_nextid($query_id = 0) << Is repeated twice.

  • Exploit

Not necesesary!!

  • Solutions

Not Yet xD

  • References

http://neosecurityteam.net/Advisories/Advisory-09.txt

  • Credits

Discovered by HaCkZaTaN <[email protected]>

[N]eo [S]ecurity [T]eam [NST]® - http://neosecurityteam.net/

Got Questions? http://neosecurityteam.net/

Irc.InfoGroup.cl #neosecurityteam

  • Greets

       Paisterist
       T0wn3r
       LINUX
       Heap
       Nitrous
       CrashCool
       eL_mEsIaS
       Makoki
       KingMetal

       And my Colombian people

    @@@@&#39;&#39;&#39;@@@@&#39;@@@@@@@@@&#39;@@@@@@@@@@@
    &#39;@@@@@&#39;&#39;@@&#39;@@@&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;@@&#39;&#39;@@@&#39;&#39;@@
    &#39;@@&#39;@@@@@@&#39;&#39;@@@@@@@@@&#39;&#39;&#39;&#39;&#39;@@@
    &#39;@@&#39;&#39;&#39;@@@@&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;@@@&#39;&#39;&#39;&#39;@@@
    @@@@&#39;&#39;&#39;&#39;@@&#39;@@@@@@@@@@&#39;&#39;&#39;&#39;@@@@@

*/