Rapid7 VulnDB

phpBB viewtopic.php Arbitrary Code Execution

Back to Search

phpBB viewtopic.php Arbitrary Code Execution

Disclosed
11/12/2004
Created
05/30/2018

Description

This module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace(). This vulnerability was introduced in revision 3076, and finally fixed in revision 5166. According to the "tags" within their tree, this corresponds to versions 2.0.4 through 2.0.15 (inclusive).

Author(s)

  • valsmith <valsmith@metasploit.com>
  • hdm <x@hdm.io>
  • aushack <patrick@osisecurity.com.au>

Platform

Unix

Architectures

cmd

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/unix/webapp/phpbb_highlight
msf exploit(phpbb_highlight) > show targets
    ...targets...
msf exploit(phpbb_highlight) > set TARGET < target-id >
msf exploit(phpbb_highlight) > show options
    ...show and set options...
msf exploit(phpbb_highlight) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;