Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

bbcodeLogout.txt

🗓️ 24 Aug 2005 00:00:00Reported by h4cky0uType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

Security vulnerability in BBcode for phpBB and vBulleti

Code
`Hi,  
  
Saw this one on www.waraxe.us (Discovered by Easyex) and i was  
thinking if there are some more possibilities using the method  
described. The POC below is for phpBB. -  
  
==========  
make yourself a folder on your host   
rename the folder to signature.jpg   
this will trick bbcode that its an image file.   
  
example http://sitewithmaliciouscode/signature.jpg   
  
inside that folder .. put this code ..   
and rename it to index.php file.   
  
Quote:   
<?php   
header("Location: http://hosttobeexploited/phpBB/login.php?logout=true");   
exit;   
?>  
  
this will make every visitor getting logout when they view the thread that   
have image linked to this.  
===================  
  
  
This seems to be working on almost all the scripts using BBcode.  
Successfully tested on vBulletin 3.0.7 and phpBB 2.0.17 when used the  
image link to the folder with the malicious code as the forum  
signature. What i was wondering is there anything more serious than  
logging out the users that can be done with this? The admin folders of  
ipb and phpbb need reauthentication. So nothing serious for them but  
anything more innovative that could be done? And any way to fix this?  
  
Regards,  
--   
http://www.h4cky0u.org  
(In)Security at its best...  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Aug 2005 00:00Current
7.4High risk
Vulners AI Score7.4
bbcodephpbbvbulletinsecurityvulnerabilityexploit
36