This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This event indicates an attempt to exploit vulnerabilities in the phpBB open-source application.
phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.
The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability. A separate remote input validation vulnerability, caused by a failure in the urldecode function, reportedly affects phpBB as well.
The script injection issue is due to a failure to filter critical characters from user-supplied input.
The input validation issue is due to a failure of the application to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages.
The script injection problem presents itself when a malicious user provides specially formatted URL-encoded data to the vulnerable script through the 'highlight' parameter. This may allow a remote attacker to execute arbitrary commands in the context of the web server that is hosting the vulnerable software. This issue may also potentially be exploited to trigger SQL injection attacks, though this is not confirmed.
The input validation problem presents itself because the urldecode function used to filter potentially malicious content from user-supplied input fails to properly translate user-specified input. Specifically, all '%2527' strings are translated to '%27', which corresponds to the single quote character. The application apparently fails to escape this character once it has been translated, facilitating SQL injection and potentially PHP code execution.
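The decode-order flaw described in the two paragraphs above is easiest to see in a small model, so the following is an added example (it is not phpBB code and does not reproduce the 'viewtopic.php' logic). It assumes a hypothetical escaping step, escape_quotes(), standing in for whatever quote-escaping the application applies, and the input strings and log lines are constructed here. The first half contrasts the vulnerable order (escape, then urldecode, so a double-encoded %2527 that the web server has already reduced to %27 only becomes a raw quote after escaping ran) with the hardened order (decode until stable, then escape). The second half is a defender's check over access-log lines that flags double-encoded bytes in the 'highlight' parameter of requests to viewtopic.php.

```python
import re
from urllib.parse import unquote

# ---- the decode-order flaw -------------------------------------------------

def escape_quotes(value: str) -> str:
    """Hypothetical stand-in for the application's quote-escaping step
    (addslashes-style); an assumption, not phpBB's own function."""
    return value.replace("'", "\\'")


def flawed_highlight(server_decoded: str) -> str:
    """Vulnerable order: escape first, urldecode afterwards.

    The web server has already decoded the request once, so a double-encoded
    quote (%2527) arrives here as %27. escape_quotes() sees no quote, and the
    final urldecode turns %27 into a raw, unescaped single quote."""
    return unquote(escape_quotes(server_decoded))


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Decode until the value stops changing (bounded), so nested encodings
    cannot smuggle characters past the escaping step that follows."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def hardened_highlight(server_decoded: str) -> str:
    """Hardened order: normalise (fully decode) first, then escape."""
    return escape_quotes(fully_decode(server_decoded))


def has_unescaped_quote(value: str) -> bool:
    """True if a single quote not preceded by a backslash survives."""
    return re.search(r"(?<!\\)'", value) is not None


# ---- log check for double-encoded 'highlight' values -----------------------

# Constructed sample lines in common access-log format (not real traffic).
LOG_LINES = [
    '203.0.113.5 - - [21/Dec/2004:10:00:01 +0000] '
    '"GET /viewtopic.php?t=12&highlight=%2527foo HTTP/1.0" 200 5120',
    '198.51.100.7 - - [21/Dec/2004:10:00:05 +0000] '
    '"GET /viewtopic.php?t=12&highlight=phpbb HTTP/1.1" 200 5120',
    '198.51.100.9 - - [21/Dec/2004:10:00:09 +0000] '
    '"GET /index.php?highlight=%2527 HTTP/1.1" 200 1200',
]

REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A percent-encoded percent sign followed by two hex digits: the signature
# of a double-encoded byte (e.g. %2527 for a single quote).
DOUBLE_ENC_RE = re.compile(r'%25[0-9a-fA-F]{2}')


def raw_query_params(uri: str) -> dict:
    """Split the query string without decoding, so the double encoding is
    still visible in the values."""
    params = {}
    for pair in uri.partition('?')[2].split('&'):
        if pair:
            key, _, val = pair.partition('=')
            params[key] = val
    return params


def find_double_encoded_highlight(lines):
    """Return (client, raw_highlight_value) for viewtopic.php requests whose
    'highlight' parameter carries double-encoded bytes."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, uri = match.groups()
        if 'viewtopic.php' not in uri.partition('?')[0]:
            continue
        value = raw_query_params(uri).get('highlight')
        if value and DOUBLE_ENC_RE.search(value):
            hits.append((client, value))
    return hits


if __name__ == "__main__":
    # The server has already decoded %2527 once, so the script sees %27.
    print("flawed  :", repr(flawed_highlight("%27")))
    print("hardened:", repr(hardened_highlight("%27")))
    for client, value in find_double_encoded_highlight(LOG_LINES):
        print("double-encoded highlight from", client, "->", value)
```

Fully decoding before escaping is the general fix for this class of bug; the trade-off is that a user who genuinely wants to search for the literal text "%27" can no longer express it, which is usually acceptable for a highlight parameter. The log check looks only at the raw, undecoded value, because a decoded view would hide the very pattern being hunted.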
**Update:** These vulnerabilities are being actively exploited by the Perl.Santy.* worms.
- Gentoo Linux
- phpBB Group phpBB 1.0.0, 1.2.0, 1.2.1, 1.4.0, 1.4.1, 1.4.2, 1.4.4, 2.0 Beta 1, 2.0 RC1, 2.0 RC2, 2.0 RC3, 2.0 RC4, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.6 c, 2.0.6 d, 2.0.7, 2.0.7 a, 2.0.8
- PNphpBB PNphpBB 1.2, 1.2 f, 1.2 g