
Stefan Esser's Blog:
Some facts about the PHPList vulnerability and the phpbb.com hack
February 06, 2009 @ 08:44:25

Some of you might have heard about the hacking of the phpBB.com website earlier this week. Well, Stefan Esser has posted a bit more about the vulnerability in the PHPList software that led to the problem.

A few days ago phpbb.com was hacked through a super-globals-overwrite vulnerability in PHPList that was used by an attacker for a local file inclusion exploit. Details about the whole attack, written down by someone who claims to be the attacker, can be read here.

Stefan talks about the superglobal problem PHPList had: it allowed superglobal information to overwrite the variables inside the script without so much as a check. His example code shows how the attacker could provide their own configuration file value, which was then opened via a stream wrapper.
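
As a defensive counterpart to the problem described above, here is an added example (not code from Stefan's post or from PHPList) of the two checks that were missing: refusing request parameters named after superglobals, and constraining a configuration file name before it is included. The function names, the allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not PHPList code. All names below are hypothetical.
const RESERVED_NAMES = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                        '_SERVER', '_ENV', '_FILES', '_SESSION'];

// Copy only expected keys into a local array (never into global scope) and
// refuse any request whose parameter names collide with a superglobal.
function import_request(array $request, array $allowed): array
{
    $out = [];
    foreach ($request as $key => $value) {
        $key = (string) $key;
        if (in_array($key, RESERVED_NAMES, true)) {
            throw new RuntimeException("reserved name in request: $key");
        }
        if (in_array($key, $allowed, true) && is_string($value)) {
            $out[$key] = $value;
        }
    }
    return $out;
}

// Resolve a config file name inside a fixed directory. The pattern admits no
// ':' or '/', so wrapper URLs and traversal sequences never reach include.
function resolve_config(string $name, string $baseDir): string
{
    if (!preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $name)) {
        throw new RuntimeException('invalid config name');
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || dirname($path) !== $base) {
        throw new RuntimeException('config file not found under base directory');
    }
    return $path;
}

// Constructed inputs: a superglobal-named parameter and a wrapper-style config value.
$checks = [
    fn() => import_request(['page' => 'home', '_SERVER' => ['cfg' => 'x']], ['page']),
    fn() => resolve_config('wrapper://example', __DIR__),
];
foreach ($checks as $check) {
    try {
        $check();
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Both constructed inputs are rejected: the first because a parameter name shadows `$_SERVER`, the second because the value is not a plain file name.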



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework