[VIM] bbrss PhpBB (phpbb_root_path) Remote File Inclusion
George A. Theall
theall at tenablesecurity.com
Wed Jun 14 19:53:43 EDT 2006
To save people the effort...
bbrss appears to be an add-on for phpBB. I found a copy for download here:
http://scripts.ringsworld.com/discussion-boards/bbrss/
[NB: disable Javascript before you visit -- it caused my copy of Firefox
to crash when I first visited.] Anyway, there is no way this "flaw" is
valid. At the top of the file you have:
define('IN_PHPBB', true); // to ensure your script works ! //
$phpbb_root_path = './';
include_once($phpbb_root_path . 'extension.inc');
include_once($phpbb_root_path . 'common.php');
as SpC-x says. extension.inc is not part of the bbrss distribution;
instead, it comes from phpBB. And if you look at it, you'll see all it
does is set the PHP extension (e.g., "php", "php3", ...) and initialize
the variable $starttime. Thus, there's no way for an attacker to affect
the value of $phpbb_root_path, at least in the code snippet SpC-x
quotes in his advisory.
George
--
theall at tenablesecurity.com
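The reasoning in the mail (is the variable feeding include_once() set to a fixed string before it is used, or could it arrive from outside?) can be turned into a quick triage check for claims like this one. The following is an added example, not code from the post, bbrss or phpBB; the three PHP inputs are constructed here, the first one mirroring the four lines quoted above.

```python
import re

# Constructed sample 1: the bbrss preamble quoted in the mail (fixed path).
SAFE_SRC = """<?php
define('IN_PHPBB', true); // to ensure your script works ! //
$phpbb_root_path = './';
include_once($phpbb_root_path . 'extension.inc');
include_once($phpbb_root_path . 'common.php');
"""

# Constructed sample 2: the variable is never assigned before the include,
# so under register_globals a request parameter could supply it.
UNASSIGNED_SRC = """<?php
define('IN_PHPBB', true);
include_once($phpbb_root_path . 'extension.inc');
"""

# Constructed sample 3: the variable is assigned, but from request data.
TAINTED_SRC = """<?php
$phpbb_root_path = $_REQUEST['root'];
include($phpbb_root_path . 'common.php');
"""

ASSIGN_RE = re.compile(r"\$(\w+)\s*=(?!=)\s*(.+?);")
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*\$(\w+)")
LITERAL_RE = re.compile(r"""^\s*(?:'[^']*'|"[^"]*")\s*$""")

def include_path_risks(src):
    """Return (line_no, var, reason) for every include/require whose path
    variable is not a string literal assigned earlier in the same file."""
    literal_vars, nonliteral = set(), {}
    findings = []
    for n, line in enumerate(src.splitlines(), 1):
        m = ASSIGN_RE.search(line)
        if m:
            var, rhs = m.group(1), m.group(2).strip()
            if LITERAL_RE.match(rhs):
                literal_vars.add(var); nonliteral.pop(var, None)
            else:
                nonliteral[var] = rhs; literal_vars.discard(var)
        for m in INCLUDE_RE.finditer(line):
            var = m.group(1)
            if var in literal_vars:
                continue  # fixed string, not attacker-influenced (the bbrss case)
            reason = ("assigned from non-literal: " + nonliteral[var]
                      if var in nonliteral
                      else "never assigned before use (register_globals exposure)")
            findings.append((n, var, reason))
    return findings
```

A single-file, regex-based pass like this only answers the narrow question the mail asks; assignments made in an included file or via extract()/parse_str() are out of its scope.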