[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] Security Advisory - phpBB 2.0.15 PHP-code
From: Siegfried <siegfri3d () gmail ! com>
Date: 2005-06-29 16:28:10
Message-ID: 38f2c06705062909287d51370f () mail ! gmail ! com
[Download RAW message or body]
>Due to a bug in the phpBB highlighting code it's possible to inject
>PHP-code into the running script. E.g. It's possible to run system
>commands if the PHP interpreter allows system() and simular functions.
>This is actually based on an old bug which was improperly fixed in
>phpBB 2.0.11.
phpBB versions 2.0.11 through 2.0.14 don't seem affected no? it was
rather reintroduced in version 2.0.15 because they changed some things
in this part of the code
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic