myITforum.com


Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

phpBB Remote Command Execution and SQL Injection Exploit

A major new phpBB attack is circulating, and site administrators should ensure they are running phpBB version 2.0.18 or higher.

phpBB Remote Command Execution and SQL Injection Vulnerabilities
http://www.frsirt.com/english/advisories/2005/2250

Technical Description: Multiple vulnerabilities were identified in phpBB, which could be exploited by remote attackers to execute arbitrary commands or conduct SQL injection and cross-site scripting attacks.

Exploit Code Example:
Please be careful, as actual exploit code is present here:
http://www.frsirt.com/exploits/20051224.r57phpbb2017.pl.php

Affected Products: phpBB version 2.0.17 and prior

Solution: Upgrade to phpBB version 2.0.18
http://www.phpbb.com/downloads.php
