
phpBB template file code execution



phpBB HTML template files are parsed and executed as PHP code.

These files are not well filtered, so a user with access to template files can execute PHP code. You can't trust your designer or template files you find around the web.

Example:
Replace every occurrence of switch_enable_pm_popup in overall_header.tpl with:
switch_enable_pm_popup;global $board_config;var_dump($board_config);exit;?>

The part after the first ";" will be executed as PHP code.

bbcode.tpl is parsed in a different way, and any code you place outside of  will be executed as PHP code.

Possible solution:
Use ([0-9a-z_\.-]+) pattern rather than (.*) in includes/template.php to match BEGIN and END statements.

For bbcode.tpl, change the method used to parse the template in includes/bbcode.php; do not eval the template.
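
A template audit built on the stricter pattern, for checking third-party templates before they are installed. This is an added example, not code from the advisory or from phpBB; the `<!-- BEGIN name -->` / `<!-- END name -->` marker syntax is an assumption, and the function names and sample template are constructed for illustration.

```python
import re
from pathlib import Path

# Block-name pattern proposed in the advisory, anchored via fullmatch() below.
SAFE_NAME = re.compile(r"[0-9a-z_\.-]+")
# Permissive capture, like the (.*) the advisory describes, so that every
# marker is found and its name can then be checked against SAFE_NAME.
# The HTML-comment marker syntax is an assumption of this example.
MARKER = re.compile(r"<!--\s*(BEGIN|END)\s+(.*?)\s*-->")


def audit_template(text):
    """Return (line_no, keyword, name) for each marker whose name is not strict."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for keyword, name in MARKER.findall(line):
            if not SAFE_NAME.fullmatch(name):
                findings.append((line_no, keyword, name))
    return findings


def audit_tree(root):
    """Audit every *.tpl file under root; return {path: findings} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*.tpl")):
        text = path.read_text(encoding="utf-8", errors="replace")
        findings = audit_template(text)
        if findings:
            report[str(path)] = findings
    return report


# Constructed sample: one ordinary block, one using the advisory's example name.
SAMPLE = """<html>
<!-- BEGIN switch_user_logged_in -->
<a href="{U_PRIVATEMSGS}">{L_PRIVATEMSGS}</a>
<!-- END switch_user_logged_in -->
<!-- BEGIN switch_enable_pm_popup;global $board_config;var_dump($board_config);exit;?> -->
<!-- END switch_enable_pm_popup;global $board_config;var_dump($board_config);exit;?> -->
</html>
"""

if __name__ == "__main__":
    for line_no, keyword, name in audit_template(SAMPLE):
        print(f"line {line_no}: {keyword} name rejected by strict pattern: {name!r}")
```

The audit only covers BEGIN and END block names; it does not cover bbcode.tpl, which the advisory says is parsed in a different way.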
