|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 104
Members: 0
Total: 104
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
phpbb 2.0.15 URL Tag Input Validation Hole |
|
Posted: Wed Jun 08, 2005 3:16 am |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
Diablo reported a vulnerability in phpBB in the processing of BBCode URL tags. A remote user can conduct cross-site scripting attacks.
A remote user can submit specially crafted BBCode URL tags that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the phpBB software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Some demonstration exploit URLs are provided:
[url=javascript://%0ASh=alert(%22CouCou%22);
window.close();]Alert box with \"Exploit By Diablo #asc #uruguay\"[/url]
[url=javascript://%0ASh=new%20ActiveXObject
(%22WScript.shell%22);Sh.regwrite(%22HKCU
%5C%5CQQQQQ%5C%5Cqq%22,%22Ex ploit By Diablo #asc #uruguay
%22);window.close();]Create registry entry:
HKCU\\QQQQQ\\qq = \"CouCou\"[/url]
[url=javascript://%0Awindow.opener.document.body.
inner HTML=window.opener.document.body.innerHTML.
replace(%27Hacked%20By%27,%27Diablo%2#asc#uruguai%27);
window.close();]Modify opener page: Diablo -> irc.gigachat.net #asc #uruguay[/url]
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the phpBB software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. |
|
|
|
|
|
|
|
|
Posted: Wed Jun 08, 2005 5:05 am |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
just disabling your BBCODE
even the forum wont look so nice, but i think it helps |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|