Strike ID:
E19-5oqy1
CVSS:
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
False Positive:
t
Variants:
12
Year:
2018

Description

This strike emulates a remote code execution via a POP chain attack on PhpBB forum platform. The vulnerability resides in calling the file exists function with user supplied data when checking the ImageMagick binary path. An authenticated attacker may gain arbitrary code execution by uploading a polyglot JPEG-PHAR file beforehand then setting the ImageMagick path to the polyglot, using the phar:// prefix.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-%7B2018-19274%7D

References

https://support.ixiacom.com/%7Bhttps%3A//blog.ripstech.com/2018/phpbb3-phar-dese...

MSB

https://technet.microsoft.com/en-us/library/security/MS{}

BID

http://www.securityfocus.com/bid/{}

ExploitDB

http://www.exploit-db.com/exploits/{}

Secunia

http://secunia.com/advisories/{}

Security Tracker

http://securitytracker.com/id?%7B%7D

Metasploit

https://github.com/rapid7/metasploit-framework/blob/master/modules/{}

ZDI

http://www.zerodayinitiative.com/advisories/ZDI-{}

Google

https://code.google.com/p/google-security-research/issues/detail?id=%7B%7D

OSVDB

{}