Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code injection bug

From: Andrew Farmer (andfarm_at_gmail.com)
Date: 06/29/05

    Date: Wed, 29 Jun 2005 02:13:32 -0700
    To: full-disclosure@lists.grok.org.uk

    On 28 Jun '05, at 14:47, ronvdaal wrote:
    > Proof of concept:

    http://some.forum/viewtopic.php?p=postnum&highlight='.die(omghax).'

    Uh, whoops.

    Another suggested solution:

    Remove the highlight handling code in viewtopic.php or replace it
    with something that does not use the /e flag to preg_replace. As it
    stands, the current code is an abomination that should not have ever
    seen the light of day.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
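
One way to highlight search words without the /e flag, as an added example that is not part of the original message and is not phpBB's code. The function name highlight_terms() and the sample post text are hypothetical, and the sketch assumes the post body is plain text rather than already-rendered HTML; the highlight value is the one quoted in the message above.

```php
<?php
// Added example (not phpBB code). With the /e modifier, preg_replace()
// substitutes the match into the replacement string and then evaluates that
// string as PHP, so request data can end up inside eval'd code. Here the
// request value is only ever used as a quoted regex literal and as escaped
// output, never as code. /e was removed from PHP in 7.0.

/**
 * Hypothetical helper: return $text HTML-escaped, with every occurrence of
 * the whitespace-separated words in $highlight wrapped in <b> tags.
 */
function highlight_terms(string $text, string $highlight): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    // Split the user-supplied parameter into words, dropping empty pieces.
    $words = preg_split('/\s+/', $highlight, -1, PREG_SPLIT_NO_EMPTY);
    if (!$words) {
        return htmlspecialchars($text, $flags, 'UTF-8');
    }

    // preg_quote() turns each word into a literal, so regex metacharacters
    // and the '/' delimiter in the input cannot alter the pattern.
    $quoted = array_map(fn(string $w): string => preg_quote($w, '/'), $words);
    $pattern = '/(' . implode('|', $quoted) . ')/iu';

    // With one capture group and DELIM_CAPTURE the result alternates:
    // even indexes are unmatched text, odd indexes are the matched words.
    $parts = preg_split($pattern, $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        // For example invalid UTF-8 in the input: fall back to no highlighting.
        return htmlspecialchars($text, $flags, 'UTF-8');
    }

    $out = '';
    foreach ($parts as $i => $part) {
        // Escape after splitting so a word can never match inside an entity.
        $safe = htmlspecialchars($part, $flags, 'UTF-8');
        $out .= ($i % 2 === 1) ? '<b>' . $safe . '</b>' : $safe;
    }
    return $out;
}

// Constructed sample input: a plain-text post and the highlight value quoted
// in the message above. The value is treated as data and printed escaped.
$post = "quoted in a post: '.die(omghax).' and nothing runs";
echo highlight_terms($post, "'.die(omghax).'"), "\n";
echo highlight_terms('Searching for PHP and php here', 'php'), "\n";
```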


