phpBB Privmsg.PHP HTML Injection Vulnerability

Bugtraq ID:	22001
Class:	Input Validation Error
CVE:	CVE-2006-6421
Remote:	Yes
Local:	No
Published:	Jan 11 2007 12:00AM
Updated:	Mar 19 2015 09:32AM
Credit:	Demential is credited with the discovery of this vulnerability.
Vulnerable:	phpBB Group phpBB 2.0.21
Not Vulnerable:	phpBB phpBB 2.0.22

phpBB Privmsg.PHP HTML Injection Vulnerability

phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Version 2.0.21 is vulnerable; other versions may also be affected.

phpBB Privmsg.PHP HTML Injection Vulnerability

Attackers can exploit this issue via a browser.

Sample exploit code has been provided:

• /data/vulnerabilities/exploits/22001.html

phpBB Privmsg.PHP HTML Injection Vulnerability

Solution:
The vendor has released version 2.0.22 to address this issue; please see the reference section for details.

phpBB Privmsg.PHP HTML Injection Vulnerability

References:

• phpBB Home Page (phpBB)
  
• phpBB (privmsg.php) XSS Exploit ([email protected])
  
• Re: phpBB (privmsg.php) XSS Exploit ([email protected])