
phpBB Multiple User Registration DoS (exploit)



I warned people on phpBB yesterday about a new exploit and hope that they are going to do something very soon.

The news is from SecuriTeam and I'm not going to post all the info (the whole code is there in C source). Just the first few sentences, but I'm afraid that the news will be on all security sites today or tomorrow:

 

phpBB is "a high powered, fully scalable, and highly customizable Open Source bulletin board package".

 

Registering multiple users and performing malformed search queries using these users can be used to cause a DoS against the phpBB product.

 

Vulnerable Systems:

* phpBB version 2.0.15 and prior

 

Exploit:

/*

--------------------------------------------------------

[N]eo [S]ecurity [T]eam [NST] - Advisory #15 - 00/00/06

--------------------------------------------------------

Program: phpBB 2.0.15

Homepage: http://www.phpbb.com

Vulnerable Versions: phpBB 2.0.15 & Lower versions

Risk: High Risk!!

Impact: Multiple DoS Vulnerabilities.

 

-==phpBB 2.0.15 Multiple DoS Vulnerabilities ==-

---------------------------------------------------------

 

- Description

---------------------------------------------------------

phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites.

 

- Tested

---------------------------------------------------------

localhost & many forums

 

- Exploitation

---------------------------------------------------------

profile.php << By registering as many users as you can.

search.php << by searching in a way that the db couldn't observe it.
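
From the defender's side, the two request patterns the advisory names (bulk registrations through profile.php and repeated searches through search.php) can be flagged from web-server access logs. The following is an added example, not part of the original post or the advisory; the log format, the /forum/ path, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, sec, method, path):
    # Builds one constructed access-log line (combined-log style prefix).
    return f'{ip} - - [10/Jul/2005:12:00:{sec:02d} +0000] "{method} {path} HTTP/1.1" 200 512'

# Constructed sample traffic, not taken from the post or any real forum.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", s, "POST", "/forum/profile.php") for s in range(0, 10, 2)]
    + [_line("198.51.100.7", s, "GET", "/forum/search.php?search_keywords=test") for s in range(20, 28)]
    + [_line("203.0.113.20", 5, "POST", "/forum/profile.php"),
       _line("203.0.113.20", 40, "GET", "/forum/search.php?search_keywords=test")]
)

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
WINDOW = timedelta(seconds=60)
# Assumed limits per client per window: kind -> (method or None for any, script, max requests).
RULES = {
    "registration": ("POST", "profile.php", 3),   # POSTs to profile.php as a proxy for sign-ups
    "search": (None, "search.php", 5),
}

def classify(method, path):
    script = path.split("?", 1)[0].rsplit("/", 1)[-1]
    for kind, (want_method, want_script, _) in RULES.items():
        if script == want_script and want_method in (None, method):
            return kind
    return None

def find_floods(log_text):
    """Return {(ip, kind): peak request count} for clients exceeding a rule within WINDOW."""
    recent = defaultdict(deque)
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        kind = classify(m["method"], m["path"]) if m else None
        if kind is None:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(m["ip"], kind)]
        q.append(ts)
        while ts - q[0] > WINDOW:      # drop requests that fell out of the sliding window
            q.popleft()
        if len(q) > RULES[kind][2]:
            alerts[(m["ip"], kind)] = max(alerts.get((m["ip"], kind), 0), len(q))
    return alerts

if __name__ == "__main__":
    for (ip, kind), peak in sorted(find_floods(SAMPLE_LOG).items()):
        print(f"ALERT {ip}: {peak} {kind} requests within {WINDOW.seconds}s")
```

The same per-client counters can drive a rate limit or a registration CAPTCHA trigger instead of an alert; the thresholds need tuning against the forum's normal traffic.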
