Fix for phpbb 2.0.18 query exploit

BlackRaven

7:02 pm on Dec 6, 2005 (gmt 0)

Fix for phpBB 2.0.18 Search Exploit/Bug

# In common.php, find:

// Define some basic configuration arrays this also prevents

# Before it, add the following:

// Cap every GET/POST/REQUEST value at 1 MiB so an oversized search
// term cannot be turned into a huge SQL query.
foreach (array('POST', 'GET', 'REQUEST') as $gpc)
{
    $gpcc = 'HTTP_'.$gpc.'_VARS';
    if (!empty($GLOBALS[$gpcc]))
    {
        foreach ($GLOBALS[$gpcc] as $index => $ppp)
        {
            // Only string values are measured; array-valued parameters are left alone.
            if (is_string($ppp) && strlen($ppp) > 1024*1024)
            {
                $GLOBALS[$gpcc][$index] = substr($ppp, 0, 1024*1024-1).' ';
            }
        }
    }
}
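A modern variant of the same idea, added here as an example and not BlackRaven's code nor phpBB's own: it walks the $_GET/$_POST/$_REQUEST superglobals instead of the deprecated HTTP_*_VARS long arrays, descends into array-valued parameters (foo[]=...), and leaves non-string values untouched. The 1 MiB cap is the one from the post; the function names and the demo input are assumptions.

```php
<?php
// Added example: cap the length of every string-valued request parameter.
// Not part of the original post or of phpBB; function names are assumptions.

define('REQUEST_VALUE_CAP', 1024 * 1024); // 1 MiB, the limit used in the post

/**
 * Recursively truncate strings longer than $cap inside $value.
 * Arrays are walked so that foo[]=... style parameters are covered;
 * non-string scalars (ints, bools, null) are returned untouched.
 * $truncated counts how many values were cut, useful for logging.
 */
function cap_request_value($value, $cap, &$truncated)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = cap_request_value($item, $cap, $truncated);
        }
        return $value;
    }
    if (is_string($value) && strlen($value) > $cap) {
        $truncated++;
        // Keep the first $cap-1 bytes plus a space, as in the post's fix.
        return substr($value, 0, $cap - 1) . ' ';
    }
    return $value;
}

/**
 * Apply the cap to the superglobals phpBB reads from.
 * Returns the number of values that were truncated.
 */
function cap_request_superglobals($cap = REQUEST_VALUE_CAP)
{
    $truncated = 0;
    foreach (array('_GET', '_POST', '_REQUEST') as $name) {
        if (!empty($GLOBALS[$name])) {
            $GLOBALS[$name] = cap_request_value($GLOBALS[$name], $cap, $truncated);
        }
    }
    return $truncated;
}

// Constructed demo input: an oversized search term plus an array-valued parameter.
$_GET = array(
    'search_keywords' => str_repeat('a', 2048),
    'tags'            => array(str_repeat('b', 2048), 'ok'),
);
$n = cap_request_superglobals(1024); // cap lowered to 1 KiB for the demo
echo $n, " values truncated, search_keywords is now ", strlen($_GET['search_keywords']), " bytes\n";
```

Logging the returned count gives a cheap signal for requests that carry abnormally large parameters.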

rogerd

11:25 am on Dec 7, 2005 (gmt 0)

Thanks for posting, BR - is there any word on an official patch?

BlackRaven

7:03 pm on Dec 7, 2005 (gmt 0)

I had this posted on the phpBB security & bug tracker since Nov 20 and still no info on any official patches.

rogerd

7:18 pm on Dec 7, 2005 (gmt 0)

Hmmm, if this flaw is that old someone is bound to start exploiting it.

goldminer

11:51 pm on Dec 7, 2005 (gmt 0)

This is scary!
Googling "phpbb 2.0.18 query exploit" you will find everything!
But a quick search of phpbb.com: nothing!

I don't understand, if someone could explain/clarify, that would be great!

encyclo

3:08 am on Dec 8, 2005 (gmt 0)

I had this posted on the phpBB security & bug tracker since Nov 20 and still no info on any official patches.

If I understand the problem correctly, there won't be an urgent patch as it is not an urgent bug. From the summary on a security-related site discussing the bug:

SecurityRisk : Low
Remote Exploit : No
Local Exploit : No
Exploit Given : No

The report was minimized on Bugtraq and elsewhere. At worst it appears to reveal the installation path or maybe an SQL error - but there is no accompanying weakness to exploit. Yes, it theoretically would be a good idea to limit the size of an SQL query for the next version of phpBB, but I doubt they will act for this bug alone.

Of course if someone finds a way of exploiting this weakness in the code, then it might become more urgent to create a patch.