How I Found CVE-2019-9826 at a Famous Crypto Company. $$$$


What is CVE-2019-9826 in phpBB?
It is a denial-of-service (DoS) vulnerability.

So now let's see the exploitation part:

Steps to Reproduce:
1-Go to example[.]com/forum/search.php?keyword=test
2-The endpoint that causes the DoS is search.php, via the keyword parameter.
3-Do some simple fuzzing with the FFUF tool:
4-ffuf -w /wordlist -u https://example[.]com/forum/search.php?keyword=FUZZ
5-Now go to your endpoint; you will see that it is out of service, with many impacts on users/admins.

Always search for CVEs affecting your application and try to exploit them🙏.

The impact of this vulnerability is:
Successful exploitation generates a slow SQL query which causes the database engine used by phpBB to consume all available CPU resources. Depending upon the database engine, users will also be completely unable to create or modify posts due to locks on the search index tables. The slowness of the query depends on the size of the search_wordlist and search_wordmatch tables.

So as you can see, it has many impacts on the users/admins of the forum: it is not just a denial of service, it also denies any user/admin the ability to create or modify posts on the forum page, among other impacts.
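
A defender-side check for the request pattern described above, as an added example that is not part of the original write-up: it scans web access log lines for bursts of search.php keyword requests from a single client. The combined log format, the 10-second window and the threshold of 20 are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format prefix: client IP, timestamp, request line (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
)
# search.php requests carrying the keyword parameter named in the write-up;
# the optional "s" is an assumption so the plural form "keywords" also matches.
SEARCH_RE = re.compile(r'/search\.php\?(?:[^ ]*&)?keywords?=')


def find_search_bursts(lines, window_seconds=10, threshold=20):
    """Return {ip: peak request count} for clients that sent at least
    `threshold` keyword searches within `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps inside the sliding window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not SEARCH_RE.search(m.group("target")):
            continue  # unparseable line, or not a keyword search
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m.group("ip")]
        q.append(ts)
        while ts - q[0] > window:   # drop hits older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m.group("ip")] = max(peaks.get(m.group("ip"), 0), len(q))
    return peaks


def sample_log():
    """Constructed sample: one normal user, one client sending 30 searches in 3 s."""
    out = ['198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] '
           '"GET /forum/search.php?keyword=test HTTP/1.1" 200 5120',
           '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
           '"GET /forum/viewtopic.php?t=1 HTTP/1.1" 200 8192']
    for i in range(30):
        out.append(f'203.0.113.9 - - [01/Jan/2024:10:00:{10 + i // 10:02d} +0000] '
                   f'"GET /forum/search.php?keyword=w{i} HTTP/1.1" 200 512')
    return out


if __name__ == "__main__":
    for ip, peak in find_search_bursts(sample_log()).items():
        print(f"{ip}: {peak} keyword searches within 10 s")
```

A flagged client is a candidate for rate limiting on search.php; tune the window and threshold against the forum's normal search traffic.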

Hope you guys enjoyed reading this write-up.
