[VIM] bbrss PhpBB (phpbb_root_path) Remote File Inclusion

George A. Theall theall at tenablesecurity.com
Wed Jun 14 19:53:43 EDT 2006

To save people the effort...

bbrss appears to be an add-on for phpBB. I found a copy for download here:


[NB: disable Javascript before you visit -- it caused my copy of Firefox
to crash when I first visited.] Anyway, there is no way this "flaw" is
valid. At the top of the file you have:

  define('IN_PHPBB', true); // to ensure your script works ! //
  $phpbb_root_path = './';
  include_once($phpbb_root_path . 'extension.inc');
  include_once($phpbb_root_path . 'common.php');

as SpC-x says. extension.inc is not part of the bbrss distribution;
instead, it comes from phpBB. And if you look at it, you'll see all it
does is set the PHP extension (eg, "php", "php3", ...) and initialize
the variable $starttime. Thus, there's no way for an attacker to affect
the value of $phpbb_root_path, at least in the code snipped SpC-x
quotes in his advisory.

theall at tenablesecurity.com

More information about the VIM mailing list