Bug 89791 - www-apps/phpBB: Auction Module SQL Injection Vulnerabilities
Summary: www-apps/phpBB: Auction Module SQL Injection Vulnerabilities
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/15029/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-20 05:00 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-04-20 05:29 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Description Jean-François Brunette (RETIRED) gentoo-dev 2005-04-20 05:00:41 UTC
Don't know if our version includes this module...

------------------------------

Description:
sNKenjoi has reported two vulnerabilities in the phpbb-Auction module for phpBB, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "u" parameter in "auction_rating.php" and the "ar" parameter in "auction_offer.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

It is also possible to disclose the full path to "auction_myauctions.php" via an invalid value for the "mode" parameter.

The vulnerabilities have been reported in version 1.2m and prior. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.
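The advisory above describes the classic shape of the bug (a request parameter pasted straight into SQL text) and the fix (validate and bind the input). The following PHP is an added illustration written for this page; it is not code from phpBB or from the phpbb-Auction module. It borrows only the parameter names "u" and "mode" from the advisory; the table, column names, the "mode" allow-list and the sample rows are constructed, and it assumes PHP with the pdo_sqlite extension so that it runs against an in-memory database.

```php
<?php
// Added example, not phpBB or phpbb-Auction code: an integer request
// parameter (the advisory's "u") used by string concatenation, beside the
// hardened form that validates and binds it. Table, columns and rows are
// constructed for this illustration.

// Path-disclosure side of the advisory: PHP's default warnings include the
// absolute script path, so never let them reach the client in production.
ini_set('display_errors', '0');

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auction_ratings (user_id INTEGER, rating INTEGER)');
$db->exec('INSERT INTO auction_ratings VALUES (1, 5), (2, 3), (3, 4)');

// Vulnerable pattern: the raw value becomes part of the SQL text, so any
// input that is not a plain number changes the structure of the query.
function ratings_unsafe(PDO $db, string $u): array
{
    $sql = "SELECT user_id, rating FROM auction_ratings WHERE user_id = $u";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the value is checked to be an unsigned integer and then
// bound as a placeholder, so it can only ever be compared, never executed.
function ratings_safe(PDO $db, string $u): array
{
    if (!ctype_digit($u)) {
        // Reject rather than guess, and do not echo the value or a path back.
        throw new InvalidArgumentException('u must be a non-negative integer');
    }
    $stmt = $db->prepare('SELECT user_id, rating FROM auction_ratings WHERE user_id = :u');
    $stmt->execute([':u' => (int) $u]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The "mode" parameter from the advisory: compare against an allow-list and
// fall back to a default instead of letting an unexpected value produce an
// error message.
function auction_mode(string $mode): string
{
    $allowed = ['view', 'edit', 'close'];   // constructed allow-list
    return in_array($mode, $allowed, true) ? $mode : 'view';
}

$normal  = '2';
$hostile = '2 OR 1=1';   // constructed non-numeric input

printf("unsafe, normal input:  %d row(s)\n", count(ratings_unsafe($db, $normal)));
printf("unsafe, hostile input: %d row(s)\n", count(ratings_unsafe($db, $hostile)));
printf("safe,   normal input:  %d row(s)\n", count(ratings_safe($db, $normal)));
try {
    ratings_safe($db, $hostile);
} catch (InvalidArgumentException $e) {
    echo "safe,   hostile input: rejected (", $e->getMessage(), ")\n";
}
echo "mode 'bogus' maps to: ", auction_mode('bogus'), "\n";
```

Running it shows the point of the advisory's one-line solution: the concatenating function answers the non-numeric input with every row in the table because the input has rewritten the WHERE clause, while the validating function refuses the same input before any SQL is built. The `ctype_digit` check is the "sanitise" step; the prepared statement is what makes the remaining value inert even if a future edit loosens that check.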
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-04-20 05:29:02 UTC
Our phpBB is pure phpBB, no module (nor salt) added.