J-Security Center

Title: PHPBB Auth.PHP File Disclosure Vulnerability

Severity: MODERATE

Description:

phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

A flaw exists in the 'auth.php' script which may allow attackers to cause local files readable by the webserver to be disclosed or interpreted. This is due to insufficient sanitization of the null character (%00) in CGI parameters. Appending a null character to the end of a filename requested through the 'lang=' parameter will cause the file to be served. If the file contains PHP code, it may be interpreted by the server. If an attacker can, through some other means, cause PHP code to be included in a local file that is readable by the webserver, it may be possible to execute arbitrary commands.

One possible attack scenario is to include PHP code in a request that will be logged in the Apache 'access.log' file, and then to exploit the vulnerability to cause this file to be interpreted. This scenario will depend on the webserver configuration.
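
The following is an added example, not part of the original advisory or of phpBB's code: a Python check that scans Apache access-log lines for the two indicators described above, a null byte in the 'lang' parameter and a PHP open tag in a logged request. The log lines are constructed, and two points are assumptions: that a legitimate 'lang' value is a short plain word, and that 'lang' is inspected on every request because the advisory does not say which URLs reach 'auth.php'.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an Apache common/combined log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: legitimate language names are short plain words such as "english".
SAFE_LANG_RE = re.compile(r"[A-Za-z_]{1,32}")

# Constructed sample entries (documentation IP range, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /phpBB/prefs.php?lang=english HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [01/Jan/2002:10:00:05 +0000] "GET /phpBB/prefs.php?lang=PLACEHOLDER_FILE%00 HTTP/1.0" 200 2048 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [01/Jan/2002:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 100 "-" "<?php /* constructed marker */ ?>"',
    '192.0.2.77 - - [01/Jan/2002:10:00:12 +0000] "GET /phpBB/prefs.php?lang=constructed.value HTTP/1.0" 200 300 "-" "Mozilla/4.0"',
]


def classify(line):
    """Return a sorted list of finding labels for one access-log line."""
    findings = set()
    # Apache logs the request line and User-Agent verbatim, so a literal
    # open tag here means the log file now holds text PHP could interpret.
    if "<?" in line:
        findings.add("php-open-tag-in-log")
    match = REQUEST_RE.search(line)
    if match:
        query = urlsplit(match.group("target")).query
        # parse_qs percent-decodes values, so %00 becomes "\x00".
        for value in parse_qs(query, keep_blank_values=True).get("lang", []):
            if "\x00" in value:
                findings.add("nul-byte-in-lang")
            elif not SAFE_LANG_RE.fullmatch(value):
                findings.add("unexpected-lang-value")
    return sorted(findings)


def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    results = []
    for number, line in enumerate(lines, start=1):
        findings = classify(line)
        if findings:
            results.append((number, findings))
    return results


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(findings)}")
```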

Affected Products:

  • phpBB Group phpBB 1.4.0.0
  • phpBB Group phpBB 1.4.1
  • phpBB Group phpBB 1.4.2
  • phpBB Group phpBB 1.4.4
