  1. phpBB
  2. PHPBB-9365

X_FORWARDED_FOR is not filtered

    • Icon: Bug
    • Resolution: Fixed
    • 3.0.1
    • 3.0.x
    • Other
    • None
    • PHP Environment:
      Database:

      X_FORWARDED_FOR is not filtered through htmlspecialchars here:

      $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
      $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

      So, it will be possible to use this vulnerability if some mod uses these lines and x_forwarded_for here.

      Taken from PhpBB 3 Vulnerability and Forscripts.Net On-Line Test 1/2008

            Kellanved [X] (Inactive)
            alex007
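A defensive handling of the header discussed in this report, as an added example (not phpBB's code and not the fix applied for this issue): the client-controlled X-Forwarded-For value is reduced to entries that parse as IP addresses before it is stored, and escaped again at output. The helper names `clean_forwarded_for` and `html_out`, the entry limit and the sample header values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not phpBB code): reduce a client-supplied
 * X-Forwarded-For value to the entries that parse as IP addresses.
 */
function clean_forwarded_for(string $raw, int $max_entries = 10): string
{
    $valid = [];
    foreach (explode(',', $raw) as $entry) {
        $entry = trim($entry);
        // FILTER_VALIDATE_IP accepts only IPv4/IPv6 literals, so markup,
        // quotes and control characters never reach storage or templates.
        if ($entry !== '' && filter_var($entry, FILTER_VALIDATE_IP) !== false) {
            $valid[] = $entry;
        }
        if (count($valid) >= $max_entries) {
            break; // bound how much a client can make the server store
        }
    }
    return implode(', ', $valid);
}

/** Hypothetical helper: escape at the point of output, regardless of input filtering. */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample header values; the client controls every byte of them.
$samples = [
    '203.0.113.7, 198.51.100.20',
    '203.0.113.7, <b>not an address</b>',
    '2001:db8::1, not-an-ip',
    '',
];

foreach ($samples as $raw) {
    $stored = clean_forwarded_for($raw);
    printf("header : %s\n", $raw);
    printf("stored : %s\n", $stored);            // validated list only
    printf("escaped: %s\n\n", html_out($raw));   // raw value made safe for HTML
}
```

Validation on input and escaping on output cover different failures: the first keeps non-address data out of the session record, the second protects any template or mod that prints a value that was stored unfiltered.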