2176 matches found
phpBB < 2.0.7 Multiple XSS
There are cross-site scripting vulnerabilities in the files 'ViewTopic.php' and 'ViewForum.php' in the remote installation of phpBB.
phpBB 2.0.6d - Cross Site Scripting
phpBB Cross Site Scripting Vendor: phpBB Group Product: phpBB Version: = 2.0.6d Website: http://www.phpbb.com/ BID: 9865 9866 Description: phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package. phpBB has a...
phpBB < 2.0.6d - Cross Site Scripting
phpBB Cross Site Scripting Vendor: phpBB Group Product: phpBB Version: = 2.0.6d Website: http://www.phpbb.com/ BID: 9865 9866 Description: phpBB is a high powered, fully scalable, and highly customisable open-source bulletin board package. phpBB has a user-friendly interface, simple and...
phpBB session table exhaustion
includes/sessions.php unnecessarily adds session items to the session table and is therefore vulnerable to a denial-of-service attack...
New phpBB ViewTopic.php Cross Site Scripting Vulnerability
Advisory Name: New phpBB ViewTopic.php Cross Site Scripting Vulnerability Release Date: Feb 29, 2004 Application: phpBB Platform: PHP Version Affected: the latest version Vendor URL: http://www.phpbb.com/ Discover: Cheng Peng Suapplesoupatmsn.com Details: This vuln is similar to Arab VieruZ's...
phpBB 1.x/2.0.x - search.php?search_results SQL Injection
source: https://www.securityfocus.com/bid/9883/info A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries. The problem reportedly exists in one of the...
phpBB 1.x/2.0.x - 'search.php?search_results' SQL Injection
source: https://www.securityfocus.com/bid/9883/info A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries. The problem reportedly exists in one of the parameters of the search.php script. This issue is caused b...
CVE-2003-1530
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark parameter...
CVE-2003-1373
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php...
CVE-2003-1244
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php...
SQL Injection in phpBB's groupcp.php
BugTraq, I have found an SQL injection vulnerability in phpBB. However, I don't think this is going to be a widespread problem as it will only work if you are the moderator of a group. How the SQL injection works: In groupscp, it uses an array set to delete members from certain groups. This...
CVE-2003-1215
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter...
phpBB 2.0.6 - 'privmsg.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI parameters. This input will be included in...
phpBB 2.0.6 - privmsg.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/9290/info phpBB is prone to a cross-site scripting vulnerability in the 'privmsg.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via URI...
phpBB 2.0.6 - search_id SQL Injection MD5 Hash
#!/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for...
phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
Exploit for unknown platform in category web applications #!/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only...
phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
No description provided by source. #!/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for user with id...
phpBB 2.0.6 - 'search_id' SQL Injection / MD5 Hash
#!/usr/bin/perl -w use IO::Socket; PROOF-OF-CONCEPT work only with mysql ver 4.0 work only with post 1 Example: C:\r57phpbb-poc.pl 127.0.0.1 phpBB2 2 2 prepare to connect... + connected prepare to send data... + OK wait for response... + MD5 Hash for user with id=2 is:...
phpBB < 2.0.7 Multiple Script SQL Injection
The remote host is running a version of phpBB older than 2.0.7. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which may in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user...
phpBB206.txt
phpBB v2.06 search_id sql injection exploit -Hat-Squad Security Team- Using this query you will get MD5 password hash for useruid as highlight variable for viewtopic.php in search results page. Works with mysql4. http://site.com/search.php?searchid=1%20union%20select%20concatchar...