HYSA-2006-001 h4cky0u.org Advisory 010
Date - Wed Jan 25 2006
TITLE:
phpBB 2.0.19 search.php and profile.php DOS Vulnerability
SEVERITY:
High
SOFTWARE:
phpBB 2.0.19 and prior
INFO:
phpBB is a high powered, fully scalable, and highly customizable
Open Source bulletin board package. phpBB has a user-friendly
interface, simple and straightforward administration panel, and
helpful FAQ. Based on the powerful PHP server language and your
choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers,
phpBB is the ideal free community solution for all web sites.
Support Website : http://www.phpbb.com
BUG DESCRIPTION:
The bug was originally found by HaCkZaTaN of NeoSecurityteam. The
original exploit code can be found at -
http://h4cky0u.org/viewtopic.php?t=3D637
This one affected only versions uptill phpBB 2.0.15. The exploit code
has been recoded which affects the latest version too. The bug resides
in the following two scripts-
profile.php << By registering as many users as you can.
search.php << By searching in a way that the db cannot understand.