sw name: phpBB XTreme
vendor: oc5id
vulnerability type: remote file inclusion vulnerability
severity: extremely critical
Details
Issue description:
includes/functions.php
has non-function code. This allows anyone interested to wreak havoc on the vulnerable site by overriding the phpBB root path with the usual exploit seen many, many times around the net.
phpBB vanilla is not vulnerable 'cause includes/functions.php contains only function code
Other preforked packages with outdated MODs can be affected by the same vulnerability.
Fixes/advice
*ultimate fix*
remove that sw from your server and choose other software that respects copyright and is able to keep all of its code up to date (and possibly without hundreds of queries per page).
Visit this thread for details.
Your server and your host will be grateful to you.
workaround
This stuff is not supported here, so I won't provide any fix. Go to your vendor, look for support over there and good luck (you need it).
I'm setting this as a workaround 'cause it maybe could fix this issue (update: it *maybe* will block that kind of exploit), but it won't remove the cause lying behind that script: too many MODs and not enough care about keeping all of them and the core code up to date.
Credits: Techie-Micheal for explaining some tech details about functions.php
side notes:
what's this: another preforked forum sw including a bunch of hacks. It has hundreds of queries for every page load, like many other preforked packages.
the vendor removed copyright information from the php files (GPL violation) and made the files available to registered users only.
tech detail: the exploit will work on misconfigured servers (register_globals = on).
Since many hosts don't want certain clients to complain 'cause "some script doesn't work", this situation does not seem to be so rare.
How can I recognize if my site full of strange stuff is affected?
Look for
"powered by phpBB XTreme"
It's a business of yours.
But ... I've paid for it believing that paid stuff is more secure
Well ... now you know
I installed it believing someone was a professional guy