|
Family: CGI abuses --> Category: infos
Multiple vulnerabilities in phpBB 2.0.13 and older Vulnerability Scan
Vulnerability Scan Summary Checks for multiple vulnerabilities in phpBB 2.0.13 and older
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
According to its banner, the remote host is running a version of phpBB
that suffers from multiple flaws:
- A Path Disclosure Vulnerability
A remote attacker can cause phpBB to reveal its installation
path via a direct request to the script 'db/oracle.php'.
- A Cross-Site Scripting Vulnerability
The application does not properly sanitize user input before
using it in 'privmsg.php' and 'viewtopic.php'.
- A Privilege Escalation Vulnerability
In 'session.php' phpBB resets the 'user_id' value when an
autologin fails
it does not, however, reset the 'user_level'
value, which remains as the account that failed the autologin.
Since the software uses the 'user_level' parameter in some
cases to control access to privileged functionality, this flaw
allows a possible hacker to view information, and possibly even
perform tasks, normally limited to administrators.
- SQL Injection Vulnerabilities
The DLMan Pro and LinksLinks Pro mods, if installed, reportedly
fail to properly sanitize user input to the 'file_id' parameter
of the 'dlman.php' script and the 'id' parameter of the
'links.php' script respectively before using it in an SQL
query. This may allow a possible hacker to pass malicious input
to database queries.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-03/0059.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0085.html
http://archives.neohapsis.com/archives/bugtraq/2005-04/0056.html
http://archives.neohapsis.com/archives/bugtraq/2005-04/0063.html
Solution :
Upgrade to a version after phpBB 2.0.13 and disable the DLMan Pro and
LinksLinks Pro mods.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|