phpBB Input Validation Bug in username Lets Remote Users Conduct Cross-Site Scripting Attacks - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Forum/Board/Portal) > phpBB

Vendors: phpBB Group

phpBB Input Validation Bug in username Lets Remote Users Conduct Cross-Site Scripting Attacks

SecurityTracker Alert ID: 1012284

SecurityTracker URL: http://securitytracker.com/id/1012284

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Nov 19 2004

Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 2.0.10 and prior versions

Description: Several input validation vulnerabilities were reported in phpBB. A remote user can conduct cross-site scripting attacks and may be able to inject SQL commands.

The vendor reported that the 'username' variable is not properly validated. A remote user can supply specially crafted input that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the phpBB software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user may also be able to inject SQL commands, but that was not confirmed.

The vendor credits AnthraX101 with reporting the cross-site scripting flaw and warmth with reporting the SQL injection flaw.

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the phpBB software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution: The vendor has issued a fixed version (2.0.11), available at:

http://www.phpbb.com/downloads.php

Vendor URL: www.phpbb.com/ (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Fri, 19 Nov 2004 17:23:27 -0500
Subject: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636


> Changes since 2.0.10
> 
>     * Fixed unsetting global vars - Matt Kavanagh
>     * Fixed XSS vulnerability in username handling - AnthraX101
>     * Fixed not confirmed sql injection in username handling - warmth

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC