phpBB phpbb-openid Module *openid_root_path* File Inclusion

Posted on Tuesday, October 02, 2007 @ 22:33:49 PDT in Security
by Raven



SECUNIA ADVISORY ID: SA27001

VERIFY ADVISORY: http://secunia.com/advisories/27001/

CRITICAL: Highly critical

IMPACT: Exposure of system information, Exposure of sensitive information, System access

WHERE: From remote

SOFTWARE: phpbb-openid (module for phpBB) 0.x - http://secunia.com/product/15904/

DESCRIPTION: xoron has reported a vulnerability in the phpbb-openid module for phpBB, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "openid_root_path" parameter in includes/openid/Auth/OpenID/BBStore.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is reported in version 0.2.0 and all previous versions. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY: xoron

ORIGINAL ADVISORY: http://milw0rm.com/exploits/4471
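
One way to apply the SOLUTION above, as an added example that is not the phpbb-openid source: the include base is fixed from the file's own location instead of a variable that register_globals can populate, and every include target is checked to stay beneath it. The constant `OPENID_ROOT`, the function `openid_safe_include_path()` and the sample inputs are hypothetical names constructed for this sketch.

```php
<?php
// Added example (hypothetical names), not code from phpbb-openid.
//
// In a library file that is only ever meant to be included by phpBB, also
// refuse direct web requests, since phpBB entry scripts define IN_PHPBB:
//     if (!defined('IN_PHPBB')) { exit; }

// The base path is a constant computed from this file's location. A constant
// cannot be overwritten by request input, whatever register_globals is set to.
define('OPENID_ROOT', realpath(dirname(__FILE__)) . DIRECTORY_SEPARATOR);

// Returns the resolved absolute path if $relative is a .php file located
// under $root, or false if it must not be included.
function openid_safe_include_path($relative, $root = OPENID_ROOT)
{
    // Reject stream wrappers (http://, ftp://, php://) and NUL bytes.
    if (strpos($relative, '://') !== false || strpos($relative, "\0") !== false) {
        return false;
    }
    // realpath() collapses ../ sequences and symlinks, and fails if the
    // file does not exist.
    $full = realpath($root . $relative);
    if ($full === false) {
        return false;
    }
    // The resolved path must still start with the fixed root directory.
    if (strncmp($full, $root, strlen($root)) !== 0) {
        return false;
    }
    // Only PHP source files are valid include targets.
    if (substr($full, -4) !== '.php') {
        return false;
    }
    return $full;
}

// Constructed inputs: this file itself, a traversal, and a remote URL.
$samples = array(basename(__FILE__), '../../../../etc/passwd', 'http://example.invalid/x.php');
foreach ($samples as $candidate) {
    $resolved = openid_safe_include_path($candidate);
    printf("%-32s => %s\n", $candidate, $resolved === false ? 'rejected' : 'allowed');
}
```

Independently of the code change, keeping `register_globals` off in php.ini removes the precondition the advisory names.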
 
 