To exploit or not to exploit, that is the question!

[NeoThermic]

Please note: the following is the express views of myself only. It is not the views of the phpBB group, or indeed anyone else.

I was recently pointed to this topic by a user of phpBB, citing it as a fix to an apparent vulnerability.

Now, the basis of this vulnerability is that if someone calls /includes/functions.php directly, and register globals is on, they can set $phpbb_root_path and do arbitrary file inclusion.

Lets get this quite clear. functions.php only contains functions. There's no code outside of the functions (there's 18 functions). Anyone who knows an ounce of PHP knows that you can't call a function by directly calling a PHP file unless the code in said PHP file calls the function. In other words, there is no exploit here. There is no "sloppy coding" here either.

To this end, I have a challenge to those who really believe there is an exploit here. This file, echopassword.php contains one function, echopassword(). If you can successfully set $yes to any value (it isn't set in the code, only checked), you can get my password. Yes, my actual password. I have full faith that your attempts will not work as PHP does not work the way you think; that function can not be called externally in any shape.

And if you still think there's a problem with functions.php after this, please don't forget functions_admin.php, function_selects.php, and functions_validate.php

Plus, if you are wondering why functions_post.php has the check, that is because there's code outside of the functions.

[Stu15]

I was recently pointed to this topic by a user of phpBB, citing it as a fix to an apparent vulnerability.

and again everyone will think that phpbb is a security issue

[Trackback]

Micheal's Blog sent this trackback:
As most of us know by now, there's generally 3 types of people when it comes to knowledge. First there's the group that think they know what they are doing and actually do know what they are doing. Second there's the group that think they don't know what they are doing and actually don't. Then lastly we have probably the most problematic group of all - the group that thinks they know what they are doing but really don't. Being in the programming world, I see this quite often. Also being in the world of information security, I see a lot of wannabe "experts" that in the end just cause trouble.

[Micheal's Blog]

Well, I've found some interesting information. Of course we all know that phpBB isn't exploitable, but certain pre-mod packages are. I've updated my blog with the information

[ToonArmy]

Looks like they don't like your site NeoThermic:

Code: Select all

ERROR 404
Your site has been identified as a bad referer.

There is a number of reasons for this:

1. Your website contains adult material or inappropriate content.
2. Your domain name matches a censored word (Porn,sex,milf etc..)
3. Your website contains inappropriate adverts/spam.
4. Your website has viruses.

I read that topic and thoroughly enjoyed the lameness of it, I guess some people just cannot face being incorrect.

[NeoThermic]

I read that topic and thoroughly enjoyed the lameness of it, I guess some people just cannot face being incorrect.

Evidently so, and further childish actions by blocking my site from linking to them. Oh well, if they wish to dig themselves into a hole and hide from the truth, they're welcome to, but dont' be surprised if the rest of the world laughs at them for it.

NeoThermic

[who_cares]

Code: Select all

ERROR 404
Your site has been identified as a bad referer.

they're above sending proper error codes too