|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 91
Members: 0
Total: 91
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
Posted: Thu May 12, 2005 1:58 pm |
|
|
lone_wolf |
Regular user |
|
|
Joined: Feb 20, 2005 |
Posts: 9 |
|
|
|
|
|
|
|
shai-tan wrote: | Thats how I found this site too same advisory too. He had done it wrong on purpose. Only 25 Characters of the users MD5 came out of it. |
Yes, my thought exactly. But, that didn't help much - that exploit have started a line of highest risk exploits that made good old PhpBB one of the most unsecure boards at the moment
shai-tan wrote: |
Warez and Ares are P2Ps they have chat rooms on them for heaps of different subjects there are tonnes of "hacking" ones on it. |
Ugh. I've heard much of that kind of places but never stumbled upon it myself
Hopefully. |
|
|
|
|
Posted: Fri May 13, 2005 2:18 am |
|
|
jearthree |
Regular user |
|
|
Joined: May 10, 2005 |
Posts: 6 |
|
|
|
|
|
|
|
Does anyone know if castlecop released the exploit? |
|
|
|
|
|
Re |
|
Posted: Wed Jun 01, 2005 10:36 pm |
|
|
mister |
Beginner |
|
|
Joined: Jun 02, 2005 |
Posts: 4 |
|
|
|
|
|
|
|
Does anyone know if castlecop released the exploit? |
|
|
|
|
Posted: Thu Jun 02, 2005 4:20 pm |
|
|
Injector |
Active user |
|
|
Joined: Dec 29, 2004 |
Posts: 49 |
|
|
|
|
|
|
|
This sites not bad but abit too open for skiddies though, like showing them some proof of concept instead of just showing them the bug. Now all they have to do is stick those characters to the URL. sad....sad....sad......
Then the worst part is when they ask question like this ones
Is there any exploit for this software? |
|
|
|
|
|
|
|
|
Posted: Sun Jun 05, 2005 1:40 pm |
|
|
dfenzz |
Beginner |
|
|
Joined: Jun 05, 2005 |
Posts: 1 |
|
|
|
|
|
|
|
*INTRODUCTION
phpBB is a popular bulletin board system based on PHP. There is a lack of
filtering for the BBCODE URL. Initially discovered: encapsulating a
specially crafted URL, a user caught clicking on the resulting hyperlinks
can have their registry entries modified without their knowledge [huge
hazard!], among other things. Originally successfully tested with
"javascript://", but subsequent discovery showed that "applet://",
"about://", "activex://", "chrome://", and "script://" may be able to get
thru as well with the URL enclosure or not (of course, browser dependant).
It is recommended that these types of URIs not be allowed to render at all
in the phpBB system as the possible user computer hijacking can be
gargantuan. There is enough hijacking in spyware products (ref:
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
).
*PROOF OF CONCEPT
This POC uses the URL encapsulation:
Alert box with "CouCou"
Create registry entry: HKCU\QQQQQ\qq = "CouCou"
Modify opener page: Paul -> P.A.U.L
If you click on the second link, be sure to find and remove the "QQQQQ"
entry in your Windows Registry. However, we recommend you do not click
expect for developer testing and patching. |
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 2
Goto page Previous1, 2
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|