(Additional Exploit Details) phpBB Image Tag Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks Against phpBB Users
|
|
SecurityTracker Alert ID: 1012552 |
|
SecurityTracker URL: http://securitytracker.com/id/1012552
|
|
CVE Reference: CVE-2002-0902
|
Date: Dec 16 2004
|
Impact:
Disclosure of authentication information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
|
Version(s): 2.0.0
|
Description:
A vulnerability was reported in the phpBB forum software. A remote user can conduct cross-site scripting attacks against phpBB users to steal their cookies and gain access to their phpBB accounts.
It is reported that phpBB allows a remote user to create a message that includes scripting code inserted in the [IMG] tag. For example, a remote user can insert the following text into a message:
[img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]
When the target (victim) user reads the message, the scripting code will be executed by the target user's browser. The code will run in the security context of the site running phpBB. If the code were malicious, it could obtain the target user's cookies associated with that site. This would allow a remote user to grab the target user's authentication cookies and then log in to the phpBB forum as the target user.
This same vulnerability reportedly exists in the remote avatar part of the user profile.
In December 2004, Gurjanov Ilia reported that in version 1.4.4, scripting code can also be inserted using 'vbscript' code. A demonstration exploit is provided:
[img]vbscript: alert(document.cookie)[/img]
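
The filtering gap described above, shown as an added example that is not phpBB's code and not part of the original advisory: a naive [img] renderer beside a stricter one that allows only absolute http(s) URLs and escapes the attribute value. The function names are hypothetical and the sample posts are constructed from the two strings quoted in this entry plus one benign URL.

```php
<?php
// Added illustration; render_img_naive/render_img_strict are hypothetical
// names, not functions from phpBB.

// Naive form: the tag body is pasted into src="..." unchanged, so a double
// quote in the body closes the attribute and whatever follows becomes a new
// attribute. Any URL scheme is accepted as well.
function render_img_naive(string $post): string
{
    return preg_replace('#\[img\](.*?)\[/img\]#is', '<img src="$1" />', $post);
}

// Strict form: accept only an absolute http(s) URL with no quotes, angle
// brackets, whitespace or control characters, then HTML-escape it before it
// is placed in the attribute. Rejected tags are left as inert, escaped text.
function render_img_strict(string $post): string
{
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $url = trim($m[1]);
            if (preg_match('#^https?://[^\s"\'<>\x00-\x1f]+\z#i', $url) !== 1) {
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            return '<img src="' . $safe . '" alt="" />';
        },
        $post
    );
}

// Constructed sample posts.
$samples = [
    '[img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]',
    '[img]vbscript: alert(document.cookie)[/img]',
    '[img]http://example.com/pic.png[/img]',
];

foreach ($samples as $post) {
    echo 'input:  ', $post, "\n";
    echo 'naive:  ', render_img_naive($post), "\n";
    echo 'strict: ', render_img_strict($post), "\n\n";
}
```

The same validation applies to the remote avatar URL, which this entry reports as affected in the same way.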
|
Impact:
A remote user could cause arbitrary scripting code to be executed by the target (victim) user's browser to steal the target user's phpBB forum authentication cookies. With the authentication cookies, the remote user can then log in to the phpBB forum as the target user.
|
Solution:
The vendor has released a fixed version (2.0.1), available at:
http://www.phpbb.com/downloads.php
|
Vendor URL: www.phpbb.com/
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 15 Dec 2004 23:23:55 +0400
Subject: CSS in phpBB 1.4.4
|
I found a bug in the quite old forum system phpBB 1.4.4.
phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack.
[Vulnerable]
You can put vbscript in [img] bbcode tags.
For example:
[img]vbscript: alert(document.cookie)[/img]
Author: Gurjanov Ilia or Net
agent050@sama.ru
|
|