原文出處:https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution/
phpBB is one of the oldest and most popular board software. If an attacker aims to take over a board running phpBB3, he will usually attempt to gain access to the admin control panel by means of bruteforcing, phishing or XSS vulnerabilities in plugins that the target site has installed. But plugins cannot be installed directly in the admin panel and there is no other feature that can be abused by administrators to execute arbitrary PHP code. However, the vulnerability described here allows the attacker to break out of the admin panel, execute arbitrary PHP code on the underlying server and then to perform a full site takeover.
The issue in the phpBB3 code base (300 KLOC) is a Phar deserialization vulnerability. It was fixed in version 3.2.4. Our leading SAST solution RIPS automatically detected this vulnerability in 3 minutes scan time.
文章圖片來源:https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution/
前言引用來源:https://blog.ripstech.com/2018/phpbb3-phar-deserialization-to-remote-code-execution/
-------------------
如果你認同我們每日分享的文章,請幫我們按個讚並且點擊追蹤「搶先看」,讓我們提供最新消息給您!您的分享及點讚,是我們持續推廣資訊安全最大的動力來源。
https://www.facebook.com/LonelyPoPo/
