Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Old 12-18-2004, 10:20 PM
Mobo Mobo is offline
phpBB Attachment Mod Multiple Extensions File Uploading Vulnerability
Posted on 17 December 2004

From: <advisory(at)stgsecurity.com>

STG Security Advisory: [SSA-20041215-18]

Revision 1.1
Date Published: 2004-12-15 (KST)
Last Update: 2004-12-15
Disclosed by SSR Team (advisory@stgsecurity.com)

Summary
========
phpBB Attachment Mod is a file upload module for phpBB. However, an input validation flaw can cause malicious attackers to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.

Vulnerability Class
===================
Implementation Error: Input validation flaw

Impact
======
High : arbitrary command execution.

Affected Products
================
Attachment Mod 2.3.10 and prior.

Vendor Status: FIXED
====================
2004-12-08 Vulnerability found.
2004-12-08 Attachment Mod developer notified.
2004-12-13 Update version released.
2004-12-15 Official release.

Details
=======
Attachment Mod is not implemented to check multiple extensions of uploaded files, e.g. attack.php.rar, so malicious attackers can upload arbitrary script files (php, pl, cgi, etc.) to a web server. This originates from a feature of the Apache MIME module (mod_mime), which regards attack.php.rar as a normal PHP file and executes the file through the mod_php module with the privilege of the HTTPD process.
cf. http://httpd.apache.org/docs/mod/mod_mime.html - "Files with Multiple Extensions" : it's a feature, not a bug.

Solution
=========
Update to 2.3.11
http://www.opentools.de/board/viewtopic.php?t=3590
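The missing check described in the advisory's Details section, shown as an added example that is not part of the original post and is not Attachment Mod's code. The allowlist, the server extension tables and all function names are assumptions made for illustration, and the server model is deliberately simplified to the advisory's case.

```python
# Added example. Tables are constructed for illustration; they are not
# Attachment Mod's or any real server's configuration.
ALLOWED_UPLOAD_EXTS = {"rar", "zip", "txt", "png", "jpg", "gif"}
SERVER_SCRIPT_EXTS = {"php", "pl", "cgi"}               # mapped to an interpreter
SERVER_STATIC_EXTS = {"zip", "txt", "png", "jpg", "gif"}  # "rar" left unmapped


def extensions(filename):
    """Every dot-separated segment after the base name, lower-cased."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return [part.lower() for part in name.split(".")[1:] if part]


def server_treats_as_script(filename):
    """Simplified mod_mime model covering only the advisory's case: unmapped
    extensions are skipped and the right-most mapped one decides."""
    for ext in reversed(extensions(filename)):
        if ext in SERVER_SCRIPT_EXTS:
            return True
        if ext in SERVER_STATIC_EXTS:
            return False
    return False


def last_extension_check(filename):
    """Flawed pattern: only the final extension is compared to the allowlist."""
    exts = extensions(filename)
    return bool(exts) and exts[-1] in ALLOWED_UPLOAD_EXTS


def every_extension_check(filename):
    """Hardened pattern: each extension segment must be on the allowlist."""
    exts = extensions(filename)
    return bool(exts) and all(ext in ALLOWED_UPLOAD_EXTS for ext in exts)


def audit(filenames):
    """Rows of (name, passes_last_only, passes_every, server_runs_it)."""
    return [(name, last_extension_check(name), every_extension_check(name),
             server_treats_as_script(name)) for name in filenames]


if __name__ == "__main__":
    # Constructed sample names; attack.php.rar is the advisory's own example.
    for row in audit(["backup.rar", "attack.php.rar", "photo.JPG", "README"]):
        print(row)
```

The hardened check does not depend on the server model being exact: it rejects any name carrying a segment outside the allowlist, so it holds regardless of which extensions the server happens to map.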


All times are GMT -5.