To exploit or not to exploit, that is the question!

News artcles from the front page. Comment on them here.
Post Reply
NeoThermic
Site Owner
Site Owner
Posts: 104
Joined: Tue, 19 2004 Oct 23:21:02

To exploit or not to exploit, that is the question!

Post by NeoThermic » Sat, 16 2006 Sep 00:23:31

Please note: the following is the express views of myself only. It is not the views of the phpBB group, or indeed anyone else.

I was recently pointed to this topic by a user of phpBB, citing it as a fix to an apparent vulnerability.

Now, the basis of this vulnerability is that if someone calls /includes/functions.php directly, and register globals is on, they can set $phpbb_root_path and do arbitrary file inclusion.

Lets get this quite clear. functions.php only contains functions. There's no code outside of the functions (there's 18 functions). Anyone who knows an ounce of PHP knows that you can't call a function by directly calling a PHP file unless the code in said PHP file calls the function. In other words, there is no exploit here. There is no "sloppy coding" here either.

To this end, I have a challenge to those who really believe there is an exploit here. This file, echopassword.php contains one function, echopassword(). If you can successfully set $yes to any value (it isn't set in the code, only checked), you can get my password. Yes, my actual password. I have full faith that your attempts will not work as PHP does not work the way you think; that function can not be called externally in any shape.

And if you still think there's a problem with functions.php after this, please don't forget functions_admin.php, function_selects.php, and functions_validate.php

Plus, if you are wondering why functions_post.php has the check, that is because there's code outside of the functions.

Stu15
Newbie
Newbie
Posts: 2
Joined: Sat, 20 2005 Aug 05:34:58
Location: New Zealand
Contact:

Re: To exploit or not to exploit, that is the question!

Post by Stu15 » Sat, 16 2006 Sep 01:11:56

NeoThermic wrote:I was recently pointed to this topic by a user of phpBB, citing it as a fix to an apparent vulnerability.
:roll:

and again everyone will think that phpbb is a security issue :roll:

Trackback
Bot
Posts: 2
Joined: Tue, 27 2005 Sep 15:11:01
Location: NeoThermic's Blog
Contact:

Scope of PHP variables and how to not exploit them

Post by Trackback » Sat, 16 2006 Sep 04:31:31

Micheal's Blog sent this trackback:
As most of us know by now, there's generally 3 types of people when it comes to knowledge. First there's the group that think they know what they are doing and actually do know what they are doing. Second there's the group that think they don't know what they are doing and actually don't. Then lastly we have probably the most problematic group of all - the group that thinks they know what they are doing but really don't. Being in the programming world, I see this quite often. Also being in the world of information security, I see a lot of wannabe "experts" that in the end just cause trouble.
I'm just a Trackback bot. I have no function other than making Trackbacks for people!

Micheal's Blog

Post by Micheal's Blog » Sat, 16 2006 Sep 22:24:40

Well, I've found some interesting information. Of course we all know that phpBB isn't exploitable, but certain pre-mod packages are. I've updated my blog with the information

ToonArmy

They not like you

Post by ToonArmy » Sat, 23 2006 Sep 09:53:49

Looks like they don't like your site NeoThermic:

Code: Select all

ERROR 404
Your site has been identified as a bad referer.

There is a number of reasons for this:

1. Your website contains adult material or inappropriate content.
2. Your domain name matches a censored word (Porn,sex,milf etc..)
3. Your website contains inappropriate adverts/spam.
4. Your website has viruses.
I read that topic and thoroughly enjoyed the lameness of it, I guess some people just cannot face being incorrect.

NeoThermic
Site Owner
Site Owner
Posts: 104
Joined: Tue, 19 2004 Oct 23:21:02

Re: They not like you

Post by NeoThermic » Sat, 23 2006 Sep 16:16:18

ToonArmy wrote:I read that topic and thoroughly enjoyed the lameness of it, I guess some people just cannot face being incorrect.
Evidently so, and further childish actions by blocking my site from linking to them. Oh well, if they wish to dig themselves into a hole and hide from the truth, they're welcome to, but dont' be surprised if the rest of the world laughs at them for it.

NeoThermic

who_cares
Newbie
Newbie
Posts: 29
Joined: Fri, 15 2005 Apr 00:32:01
Location: ATL
Contact:

Re: They not like you

Post by who_cares » Mon, 25 2006 Sep 23:29:29

ToonArmy wrote:

Code: Select all

ERROR 404
Your site has been identified as a bad referer.
they're above sending proper error codes too

Post Reply