Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: RE: [Fwd: phpBB 2.0.16 released]

RE: [Fwd: phpBB 2.0.16 released]

From: ronvdaal <ronvdaal_at_zarathustra.linux666.com>
Date: Tue, 28 Jun 2005 23:00:31 +0200 (CEST)

>> The changelog (contained within this release) is as follows:
>> - Fixed critical issue with highlighting - Discovered and fix provided by
>> Ron van Daal
>
> Does anyone know what the scope of this vulnerability actually is? "Critical
> issue" isn't really enough to go on here. Are we talking arbitrary PHP code
> execution or something lesser like SQL injection or slipping HTML into the
> bbCode? Neither the phpBB Changelog or any advisories seem to mention what
> the scope of this is. I'm guessing it's arbitrary PHP code execution based
> on what previous vulnerabilities in phpBB have yielded, but it would be nice
> to know for sure.

It's highly critical. It allows one to inject PHP code.
Please see my next message, I'm releasing my advisory.

Kind regards,

Syntonix
Received on Jun 28 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]