phpBB Input Validation Flaw in 'search_id' Permits SQL Injection and Yields Administrative Access
Category: Vulnerability Posted: 2003-12-01 by ReCall
Details
Description: An input validation vulnerability was reported in phpBB in 'search.php'. A remote user can inject SQL commands to gain administrative access to the forum.
It is reported that the 'search.php' script does not properly validate the 'search_id' parameter. A remote user can send a specially crafted value to execute certain SQL commands on the target server, such as a command to obtain the administrator's hashed password. With the hashed password, a remote user can then modify their cookies to gain access to the system.
To determine whether your system has been patched, request the following URL:
http://your_site/phpBB2/search.php?search_id=1
If your system is patched, the system will display the following message:
"No topics or posts met your search criteria"
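The check described above can be scripted for forums you administer. This is an added example, not part of the original advisory or of phpBB; the function names are hypothetical, and because the advisory does not describe what an unpatched forum returns, any other reply is reported as "unconfirmed" rather than as vulnerable.

```python
"""Patch check from the advisory: request search.php?search_id=1 and look for
the 'no results' message. Added example; helper names are hypothetical."""
import html
import re
import sys
import urllib.error
import urllib.request

# Message the advisory says a patched forum displays.
PATCHED_MESSAGE = "No topics or posts met your search criteria"


def check_url(forum_base):
    """http://your_site/phpBB2 -> http://your_site/phpBB2/search.php?search_id=1"""
    return forum_base.rstrip("/") + "/search.php?search_id=1"


def normalize(body):
    """Strip tags, decode entities and collapse whitespace so markup around
    the message does not hide it."""
    text = re.sub(r"<[^>]+>", " ", body)
    return re.sub(r"\s+", " ", html.unescape(text)).strip()


def classify(body):
    """Return 'patched' if the advisory's message is present, otherwise
    'unconfirmed' (other wording needs a manual look)."""
    found = PATCHED_MESSAGE.lower() in normalize(body).lower()
    return "patched" if found else "unconfirmed"


def check_forum(forum_base, timeout=10):
    """Fetch the check URL for a forum you administer and classify the reply."""
    try:
        with urllib.request.urlopen(check_url(forum_base), timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except (urllib.error.URLError, OSError) as exc:
        return "error: %s" % exc
    return classify(body)


if __name__ == "__main__":
    # Constructed sample reply, classified when the script is run directly.
    sample = '<span class="gen">No topics or posts met your search criteria</span>'
    print("sample ->", classify(sample))
    for base in sys.argv[1:]:  # forum base URLs, e.g. http://your_site/phpBB2
        print(base, "->", check_forum(base))
```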
Impact: A remote user can inject SQL commands to gain administrative access to the forum.
Solution: The vendor has fixed the latest version of 2.06, available at: