phpBB Bulletin Board search.php SQL Injection
Date: Friday, December 05 @ 12:49:37 CET Topic: PHP-Nuke
NOTE TO STORYM ADMINISTRATOR: Got this via SANS email. And I'm new to php-nuke - do we need to implement this fix?
Affected Products:
phpBB version 2.06
Description:
phpBB is a popular open source bulletin board software which integrates
with multiple backend databases. The "search.php" script included with
the phpBB software contains a SQL injection vulnerability. The problem
arises due to lack of sanitization of user input to the script's
"search_id" parameter, allowing a malicious user to manipulate SQL
queries issued against the backend database. For instance, the
vulnerability can be exploited to extract the password hashes from the
database that can lead to administrative access to the bulletin board.
A proof-of-concept exploit has been posted.
Status: Vendor confirmed, a patch is available.
Council Site Actions:
The affected software is not in production or widespread use at any of
the council sites. They reported that no action was necessary.
References:
Postings by Niels Teusink (discovered the bug)
http://archives.neohapsis.com/archives/bugtraq/2003-11/0327.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0339.html
Postings by Hat-Squad Security Team (Proof-of-Concept Exploit)
http://archives.neohapsis.com/archives/bugtraq/2003-11/0337.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0348.html
Vendor Released Patch http://www.phpbb.com/phpBB/viewtopic.php?t=153818
SecurityFocus BID
http://www.securityfocus.com/bid/9122
Hi'ya, yes just implement the patch as per the article. :) Thanks
|
|