phpBB Bulletin Board search.php SQL Injection
Date: Friday, December 05 @ 12:49:37 CET
Topic: PHP-Nuke


NOTE TO STORYM ADMINISTRATOR: Got this via SANS email. And I'm new to php-nuke - do we need to implement this fix?

Affected Products:
phpBB version 2.06

Description:
phpBB is a popular open source bulletin board software which integrates
with multiple backend databases. The "search.php" script included with
the phpBB software contains a SQL injection vulnerability. The problem
arises due to lack of sanitization of user input to the script's
"search_id" parameter, allowing a malicious user to manipulate SQL
queries issued against the backend database. For instance, the
vulnerability can be exploited to extract the password hashes from the
database that can lead to administrative access to the bulletin board.
A proof-of-concept exploit has been posted.

Status: Vendor confirmed, a patch is available.

Council Site Actions:
The affected software is not in production or widespread use at any of
the council sites. They reported that no action was necessary.
References:
Postings by Niels Teusink (discovered the bug)
http://archives.neohapsis.com/archives/bugtraq/2003-11/0327.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0339.html

Postings by Hat-Squad Security Team (Proof-of-Concept Exploit)
http://archives.neohapsis.com/archives/bugtraq/2003-11/0337.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0348.html

Vendor Released Patch http://www.phpbb.com/phpBB/viewtopic.php?t=153818

SecurityFocus BID
http://www.securityfocus.com/bid/9122


Hi'ya, yes just implement the patch as per the article. :) Thanks



This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=1110