SecurityTracker.com
SecurityTracker Archives

Category:   Application (Forum/Board/Portal)  >   phpBB Vendors:   phpBB Group
phpBB 'oracle.php' Discloses Path to Remote Users
SecurityTracker Alert ID:  1013377
SecurityTracker URL:  http://securitytracker.com/id/1013377
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 5 2005
Impact:   Disclosure of system information
Exploit Included:  Yes  
Version(s): 2.0.13 and prior versions
Description:   A vulnerability was reported in phpBB in 'oracle.php'. A remote user can determine the installation path.

A remote user can directly access 'phpBB/db/oracle.php' to cause the system to display an error message that discloses the installation path.

HaCkZaTaN of [N]eo [S]ecurity [T]eam reported this vulnerability.

Impact:   A remote user can determine the installation path.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.phpbb.com/
Cause:   Exception handling error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
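The alert above concerns a PHP fatal error that prints the server-side path of the script. The following is an added defender-side check, not code from SecurityTracker or from phpBB: it scans HTTP response bodies (constructed samples here, modelled on the error text in the advisory) for PHP error lines that reveal an absolute filesystem path, in both plain-text and html_errors form, so that a site owner can verify that error display has actually been turned off.

```python
import re
from typing import NamedTuple


class PathLeak(NamedTuple):
    level: str   # PHP error level, e.g. "Fatal error" or "Warning"
    path: str    # filesystem path the server revealed
    line: int    # source line reported by PHP


# PHP error output looks like:
#   Fatal error: Cannot redeclare sql_nextid() in /home/weblord/phpBB/db/oracle.php on line 405
# and, with html_errors=On, the same text with <b>...</b> around level, path and line.
_PHP_ERROR = re.compile(
    r"(?:<b>)?(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)(?:</b>)?:\s+"
    r"(?P<msg>.*?)\s+in\s+(?:<b>)?(?P<path>(?:/|[A-Za-z]:\\)[^<\s]+)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(?P<line>\d+)",
    re.IGNORECASE,
)


def find_php_path_leaks(body: str) -> list[PathLeak]:
    """Return every PHP error in a response body that names an absolute
    server-side path. An empty list means the body discloses no path."""
    return [PathLeak(m.group("level"), m.group("path"), int(m.group("line")))
            for m in _PHP_ERROR.finditer(body)]


# Constructed sample bodies (not captured from a live server).
SAMPLE_PLAIN = ("Fatal error: Cannot redeclare sql_nextid() in "
                "/home/weblord/phpBB/db/oracle.php on line 405\n")
SAMPLE_HTML = ("<br />\n<b>Fatal error</b>:  Cannot redeclare sql_nextid() in "
               "<b>/home/weblord/phpBB/db/oracle.php</b> on line <b>405</b><br />\n")
SAMPLE_CLEAN = "<html><body>Forum index</body></html>"

if __name__ == "__main__":
    for name, body in (("plain", SAMPLE_PLAIN), ("html", SAMPLE_HTML), ("clean", SAMPLE_CLEAN)):
        print(name, find_php_path_leaks(body))
```

Any non-empty result means display_errors is still reaching clients and should be disabled (with log_errors left on) regardless of whether the specific redeclaration bug is patched.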

Message History:   None.


 Source Message Contents

Subject:  -==phpBB 2.0.13 Full path disclosure==-




/*
--------------------------------------------------------
--------------------------------------------------------
Program:  phpBB 2.0.13
Homepage:  http://www.phpbb.com
Vulnerable Versions: phpBB 2.0.13 & Lower versions
Risk: Low Risk!!
Impact: Full path disclosure

         -==phpBB 2.0.13 Full path disclosure==-
---------------------------------------------------------

- Description
---------------------------------------------------------
phpBB is a high powered, fully scalable, and highly customizable
Open Source bulletin board package. phpBB has a user-friendly
interface, simple and straightforward administration panel, and
helpful FAQ. Based on the powerful PHP server language and your
choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers,
phpBB is the ideal free community solution for all web sites.

- Tested
---------------------------------------------------------
localhost & many forums

- Exploitation
---------------------------------------------------------
phpBB/db/oracle.php

Fatal error: Cannot redeclare sql_nextid() in /home/weblord/phpBB/db/oracle.php on line 405

I know it is stupid!!!
Line 405
	function sql_nextid($query_id = 0)
	{
		if(!$query_id)
		{
			$query_id = $this->query_result;
		}
               -==foobar==-

OK, if I am not right, I think a quick patch would be erasing lines 405 to 438,
because it is repeating the same function twice, as the fatal error says "Cannot redeclare sql_nextid()".
function sql_nextid($query_id = 0) << Is repeated twice.

- Exploit
---------------------------------------------------------
Not necessary!!
 
- Solutions
--------------------------------------------------------
Not Yet xD

- References
--------------------------------------------------------
http://neosecurityteam.net/Advisories/Advisory-09.txt


- Credits
-------------------------------------------------
Discovered by HaCkZaTaN <hck_zatan@hotmail.com>


Got Questions? http://neosecurityteam.net/

Irc.InfoGroup.cl #neosecurityteam

- Greets
--------------------------------------------------------
           Paisterist
           T0wn3r
           LINUX
           Heap
           Nitrous
           CrashCool
           eL_mEsIaS
           Makoki
           KingMetal

           And my Colombian people

	@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
	'@@@@@''@@'@@@''''''''@@''@@@''@@
	'@@'@@@@@@''@@@@@@@@@'''''@@@
	'@@'''@@@@'''''''''@@@''''@@@
	@@@@''''@@'@@@@@@@@@@''''@@@@@
*/

Copyright 2021, SecurityGlobal.net LLC