phpBB Auction Module Vulnerable To File Inclusion Exploit

phpBB Auction Module Vulnerable To File Inclusion Exploit

Web Hosting News

Open Source Software News

10 Best Image Gallery Software

Google Releases FriendConnect Plugin for Wordpress, Drupal and PHPBB

How PHPBB Site was Hacked and How You Can Prevent it

Nginx Hacking Tips

How To Run phpBB on Nginx With Virtual Hosting

How To Fix phpBB Error - The submitted form was invalid. Try submitting again.

Simple Innovation for Translator for Web

How To Communicate Between PHP Scripts (Sample Source Code Included)

How To Enable / Use .htaccess / Nice permalinks in Apache Web Server on Windows

RELATED NEWS

By Angsuman Chakraborty, Gaea News Network
Wednesday, May 3, 2006

Input passed to the “phpbb_root_path” parameter in “auction/auction_common.php” isn’t properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

The vulnerability, discovered by VietMafia, has been confirmed in version 1.3m. Other versions may also be affected.

Protection / Solution
1. Disable “register_globals”
2. Edit the source code to ensure that input is properly verified.

via Pridels

Filed under: Computer Security, Open Source Software, PHP, Web, Web Hosting, Web Services

Discuss Bellow

YOUR VIEW POINT

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Well, there are loads of photo gallery software out there and a lot more queued up for debut. While ...

Social connection through online world is becoming more and more relevant these days. Even Google is...

The simplest way to start this topic is, PHPBB is hacked. You must have heard of it by now. And ther...

Nginx is a high performance web server and mail proxy server written by Igor Sysoev and a good repla...

We now have our phpBB forum running on Nginx web server, a high quality and significantly better per...

Users, including forum admins, sometimes gets message while editing a post, sometimes for quick edit...

Translator for Web sites is a much requested feature from our clients. We have started development o...

PHP scripts such as WordPress, phpBB, phpMyAdmin etc. operate in their own world without much inter-...

.htaccess is a web server directive file populalrly used in Apache Web Server in Linux / Unix enviro...

Older News