Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Multiple vulnerabilities in phpBB 2.0.13 and older Vulnerability Scan


Vulnerability Scan Summary
Checks for multiple vulnerabilities in phpBB 2.0.13 and older

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

According to its banner, the remote host is running a version of phpBB
that suffers from multiple flaws:

- A Path Disclosure Vulnerability
A remote attacker can cause phpBB to reveal its installation
path via a direct request to the script 'db/oracle.php'.

- A Cross-Site Scripting Vulnerability
The application does not properly sanitize user input before
using it in 'privmsg.php' and 'viewtopic.php'.

- A Privilege Escalation Vulnerability
In 'session.php' phpBB resets the 'user_id' value when an
autologin fails
it does not, however, reset the 'user_level'
value, which remains as the account that failed the autologin.
Since the software uses the 'user_level' parameter in some
cases to control access to privileged functionality, this flaw
allows a possible hacker to view information, and possibly even
perform tasks, normally limited to administrators.

- SQL Injection Vulnerabilities
The DLMan Pro and LinksLinks Pro mods, if installed, reportedly
fail to properly sanitize user input to the 'file_id' parameter
of the 'dlman.php' script and the 'id' parameter of the
'links.php' script respectively before using it in an SQL
query. This may allow a possible hacker to pass malicious input
to database queries.

See also :

http://archives.neohapsis.com/archives/bugtraq/2005-03/0059.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0085.html
http://archives.neohapsis.com/archives/bugtraq/2005-04/0056.html
http://archives.neohapsis.com/archives/bugtraq/2005-04/0063.html

Solution :

Upgrade to a version after phpBB 2.0.13 and disable the DLMan Pro and
LinksLinks Pro mods.

Threat Level:

Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

 Vulnerability Scanning Solutions, LLC.