Signature Detail

HTTP: phpBB Search Highlighting Arbitrary Command Execution

This signature detects attempts to exploit a known vulnerability in phpBB. Attackers can send a malformed HTTP request to phpBB to force phpBB to execute arbitrary PHP commands on the server with Web server permissions.

Extended Description

The 'viewtopic.php' phpBB script is prone to a remote script-injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages. This issue may allow a remote attacker to execute arbitrary commands in the context of the webserver that is hosting the vulnerable software.

Affected Products

• Gentoo linux
• Phpbb_group phpbb 1.0.0 .0
• Phpbb_group phpbb 1.2.0 .0
• Phpbb_group phpbb 1.2.1
• Phpbb_group phpbb 1.4.0 .0
• Phpbb_group phpbb 1.4.1
• Phpbb_group phpbb 1.4.2
• Phpbb_group phpbb 1.4.4
• Phpbb_group phpbb 2.0.0 .0
• Phpbb_group phpbb 2.0.0 Beta 1
• Phpbb_group phpbb 2.0.0 RC1
• Phpbb_group phpbb 2.0.0 RC2
• Phpbb_group phpbb 2.0.0 RC3
• Phpbb_group phpbb 2.0.0 RC4
• Phpbb_group phpbb 2.0.1
• Phpbb_group phpbb 2.0.10
• Phpbb_group phpbb 2.0.12
• Phpbb_group phpbb 2.0.13
• Phpbb_group phpbb 2.0.14
• Phpbb_group phpbb 2.0.15
• Phpbb_group phpbb 2.0.2
• Phpbb_group phpbb 2.0.3
• Phpbb_group phpbb 2.0.4
• Phpbb_group phpbb 2.0.5
• Phpbb_group phpbb 2.0.6
• Phpbb_group phpbb 2.0.6 c
• Phpbb_group phpbb 2.0.6 d
• Phpbb_group phpbb 2.0.7
• Phpbb_group phpbb 2.0.7 a
• Phpbb_group phpbb 2.0.8
• Phpbb_group phpbb 2.0.8 a
• Phpbb_group phpbb 2.0.9
• Pnphpbb pnphpbb 1.2.0
• Pnphpbb pnphpbb 1.2.0 f
• Pnphpbb pnphpbb 1.2.0 g

References

• BugTraq: 10701
• BugTraq: 14086
• CVE: CVE-2004-1315
• CVE: CVE-2005-2086
• URL: http://www.us-cert.gov/cas/techalerts/TA04-356A.html
• URL: http://www.phpbb.com/phpBB/viewtopic.php?t=239819
• URL: http://www.milw0rm.com/id.php?id=673