Forums: XSS Scripting Exploit found by Manaox2 - Forums


XSS Scripting Exploit found by Manaox2

#1 User is offline   manaox2 


Posted 10 July 2005 - 06:14 PM

First Successful Exploit I found.

The phpBB 2.0.16 XSS Remote Exploit. It can be used for many things, but I only can think of java alert spamming and stealing cookies and the admin password by pming them and getting it to steal their hash.

What I used was:
[url]www.[url=www.s=''style='top:expression(eval(this.sss));'sss=`alert('MessageHereWithoutSpaces');this.sss=null`s='][/url][/url]'


You can also use code to steal cookies by writing your own cookie.php and cross site scripting with this. View the source to see what worked and what didn't.

Some References:

http://www.waraxe.us/ftopict-890.html
http://antichat.ru/txt/phpbb/ (Russian)
http://kisobox.com/e...ies.stealer.txt
http://www.milw0rm.com/id.php?id=1095

This only works on Internet Explorer. If you have your Local Intranet and Internet settings set to high as you should for the javaprxy.dll exploit out there, it also will not work. I want to know of more exploits for this. I hope everyone will get to work!
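Added example, not part of the original thread and not phpBB's own code: the payload in post #1 depends on quote characters and a nested [url] tag ending up inside the generated link markup. The Python sketch below shows a strict renderer that links only URLs free of such characters and HTML-escapes everything else; the function names, the scheme allow-list and the forbidden-character set are assumptions for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Payload quoted from post #1, used here only as test input.
PAGE_PAYLOAD = ("[url]www.[url=www.s=''style='top:expression(eval(this.sss));'"
                "sss=`alert('MessageHereWithoutSpaces');this.sss=null`s='][/url][/url]'")

# Assumed policy: characters that must never reach an href attribute.
FORBIDDEN = set("'\"`<>[] ")
ALLOWED_SCHEMES = {"http", "https", "ftp"}

# Matches only innermost tags: neither the argument nor the label may contain brackets.
URL_TAG = re.compile(r"\[url(?:=([^\[\]]*))?\]([^\[\]]*)\[/url\]", re.IGNORECASE)

def safe_url(raw):
    """Return a linkable URL, or None if it cannot be placed in an attribute safely."""
    if not raw or any(c in FORBIDDEN or ord(c) < 0x20 for c in raw):
        return None
    url = raw if "://" in raw else "http://" + raw
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url

def render_post(text):
    """Render [url] tags; all other text, including rejected tags, is HTML-escaped."""
    out, pos = [], 0
    for m in URL_TAG.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        target = m.group(2) if m.group(1) is None else m.group(1)
        label = m.group(2) or target
        url = safe_url(target)
        if url is None:
            out.append(html.escape(m.group(0)))  # show the raw tag as inert text
        else:
            out.append('<a href="%s" rel="nofollow">%s</a>'
                       % (html.escape(url, quote=True), html.escape(label)))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)

if __name__ == "__main__":
    print(render_post(PAGE_PAYLOAD))
    print(render_post("see [url=http://example.com/a?b=1&c=2]docs[/url]"))
```

The payload comes out as escaped text with no anchor element, while the ordinary link is rendered with its query string entity-encoded.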

#2 User is offline   Stephen 


Posted 11 July 2005 - 02:56 PM

Interesting but this also happens to be the very first exploit returned in a Google search so good job eh <_<

#3 User is offline   manaox2 


Posted 12 July 2005 - 06:57 AM

Salvia, on Jul 11 2005, 05:56 PM, said:

Interesting but this also happens to be the very first exploit returned in a google search so good job eh  <_<


I believe it's also the last. I have not heard of any other found vulnerabilities for phpBB 2.0.16. I admit that I didn't discover this vulnerability, but only proved it worked on the wargames server. I want to now know if someone had any more information on the new critical Firefox exploits and if these two exploits could be combined to maybe, say, change a wallpaper.

#4 User is offline   Blake 


Posted 12 July 2005 - 01:35 PM

Geez ok, the concept is to find new vulnerabilities in the software, not just rehash the old ones.

#5 User is offline   manaox2 


Posted 13 July 2005 - 12:21 AM

GSecur, on Jul 12 2005, 04:35 PM, said:

Geez ok, the concept is to find new vulnerabilities in the software, not just rehash the old ones.


Sorry about the misunderstanding. I had included references in my post, so as not to be trying to take credit for this exploit. I'll attempt to find a new one.

#6 User is offline   Blake 


Posted 13 July 2005 - 06:55 AM

I know, it was more of my fault. I labeled tech topic before I completely read it.