phpBB 3.2.3: Phar Deserialization to RCE

20 Nov 2018 by Simon Scannell

A new PHP exploit technique, phar deserialization, affects phpBB3, one of the most widely used forum packages. The vulnerability allows an attacker who gains access to an administrator account to execute arbitrary PHP code on the server and take over the entire board.

phpBB 2.0.23 - From Variable Tampering to SQL Injection

13 Dec 2016 by Johannes Dahse

In our 12th advent calendar gift, we would like to cover an exciting SQL injection in phpBB2. Although phpBB2 was replaced by its successor phpBB3, it is still one of the most popular bulletin boards. RIPS detected a less severe but very elegant SQL injection vulnerability that is based on a PHP quirk we will examine in detail in this post.