NukeCops - phpBB Bulletin Board search.php SQL Injection

You are missing our premiere tool bar navigation system! Register and use it for FREE!

Create an account

• Home • Downloads • Gallery • Your Account • Forums •

Readme First

- Readme First! -
Read and follow the rules, otherwise your posts will be closed

Modules

· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account

Who's Online

There are currently, 219 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

phpBB Bulletin Board search.php SQL Injection

paranor writes "NOTE TO STORYM ADMINISTRATOR: Got this via SANS email. And I'm new to php-nuke - do we need to implement this fix?

Affected Products:
phpBB version 2.06

Description:
phpBB is a popular open source bulletin board software which integrates
with multiple backend databases. The "search.php" script included with
the phpBB software contains a SQL injection vulnerability. The problem
arises due to lack of sanitization of user input to the script's
"search_id" parameter, allowing a malicious user to manipulate SQL
queries issued against the backend database. For instance, the
vulnerability can be exploited to extract the password hashes from the
database that can lead to administrative access to the bulletin board.
A proof-of-concept exploit has been posted.

Status: Vendor confirmed, a patch is available.

Council Site Actions:
The affected software is not in production or widespread use at any of
the council sites. They reported that no action was necessary.
References:
Postings by Niels Teusink (discovered the bug)
http://archives.neohapsis.com/archives/bugtraq/2003-11/0327.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0339.html

Postings by Hat-Squad Security Team (Proof-of-Concept Exploit)
http://archives.neohapsis.com/archives/bugtraq/2003-11/0337.html
http://archives.neohapsis.com/archives/bugtraq/2003-11/0348.html

Vendor Released Patch http://www.phpbb.com/phpBB/viewtopic.php?t=153818

SecurityFocus BID
http://www.securityfocus.com/bid/9122

Admin Note: Hi'ya, yes just implement the patch as per the article. :) Thanks"

Posted on Friday, December 05 @ 12:49:37 CET by Zhen-Xjell

Most read story about PHP-Nuke:
PHP-Nuke new development direction (part 2)

Article Rating

Average Score: 5
Votes: 1

Options

Printer Friendly Page

Send to a Friend

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: phpBB Bulletin Board search.php SQL Injection (Score: 1)
by Jeruvy on Saturday, December 06 @ 10:00:13 CET
(User Info | Send a Message)

Where is the patch?

When I tested my site, I could not exploit this. I assumed it was due to the fact that the forum search is within the forum block and the string would have to be specially crafted for phpBBtonuke search as opposed to the standard phpbb search. Of course I value any input..

Re: phpBB Bulletin Board search.php SQL Injection by judas on Sunday, December 07 @ 20:03:33 CET
- Re: phpBB Bulletin Board search.php SQL Injection by Jeruvy on Monday, December 08 @ 09:08:49 CET

Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.092 Seconds - 691 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)

:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::