Multiple Extensions Vulnerability in phpBB Attachment Mod
28 Dec. 2004
Summary
The phpBB Attachment Mod is a "file upload module for phpBB". However, an input validation flaw in phpBB's Attachment Mod allows a malicious attackers to run arbitrary commands with the privileges of the HTTPD process, which is typically run as the nobody user.
Credit:
The information has been provided by SSR Team.
Vulnerable Systems:
* phpBB's Attachment Mod version 2.3.10 and prior
Immune Systems:
* phpBB's Attachment Mod version 2.3.11 or newer
phpBB's Attachment Mod doesn't implemented any type of check for multiple extensions of uploaded files, e.g. attack.php.rar. Therefore, malicious attackers can upload arbitrary script files (PHP, pl, CGI, etc) to a web server. This is vulnerability is caused by Apache's MIME module (mod_mime), which regards attack.php.rar as a normal PHP file and execute the file through mod_php module with the privilege of the HTTPD process.
Disclosure Timeline:
2004-12-08 Vulnerability found
2004-12-08 Attachment Mod developer notified
2004-12-13 Update version released
2004-12-15 Official release
