PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnerability
BID:9765
Info
PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnerability
| Bugtraq ID: | 9765 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0339 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 28 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovered by Cheng Peng Su <[email protected]>. |
| Vulnerable: |
phpBB Group phpBB 2.0.7 phpBB Group phpBB 2.0.6 c phpBB Group phpBB 2.0.6 phpBB Group phpBB 2.0.5 phpBB Group phpBB 2.0.4 phpBB Group phpBB 2.0.3 phpBB Group phpBB 2.0.2 phpBB Group phpBB 2.0.1 phpBB Group phpBB 2.0 .0 phpBB Group phpBB 2.0 RC4 |
| Not Vulnerable: |
phpBB Group phpBB 2.0.7 |
Discussion
PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnerability
It has been reported that one of the scripts included with phpBB is prone to a cross-site scripting vulnerability. According to the author of the report, the script "viewtopic.php" returns the value of the HTML variable "postorder" to the client as its output without encoding it or otherwise removing potentially hostile content. This can be exploited by constructing malicious links with the malicious "postorder" variable value embedded as a GET request style HTML variable. If the target user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the viewtopic.php document and within the context of the vulnerable website (including the phpBB forum).
It has been reported that one of the scripts included with phpBB is prone to a cross-site scripting vulnerability. According to the author of the report, the script "viewtopic.php" returns the value of the HTML variable "postorder" to the client as its output without encoding it or otherwise removing potentially hostile content. This can be exploited by constructing malicious links with the malicious "postorder" variable value embedded as a GET request style HTML variable. If the target user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the viewtopic.php document and within the context of the vulnerable website (including the phpBB forum).
Exploit / POC
PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnerability
No exploit code is required.
No exploit code is required.
Solution / Fix
PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnerability
Solution:
This issue has been fixed in phpBB 2.0.7.
phpBB Group phpBB 2.0 .0
phpBB Group phpBB 2.0 RC4
phpBB Group phpBB 2.0.1
phpBB Group phpBB 2.0.2
phpBB Group phpBB 2.0.3
phpBB Group phpBB 2.0.4
phpBB Group phpBB 2.0.5
phpBB Group phpBB 2.0.6 c
phpBB Group phpBB 2.0.6
Solution:
This issue has been fixed in phpBB 2.0.7.
phpBB Group phpBB 2.0 .0
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0 RC4
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.1
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.2
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.3
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.4
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.5
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.6 c
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
phpBB Group phpBB 2.0.6
-
phpBB Group phpBB 2.0.7
http://www.phpbb.com/downloads.php
References
PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnerability
References:
References:
- New phpBB ViewTopic.php Cross Site Scripting Vulnerability (Cheng Peng Su
- Re: New phpBB ViewTopic.php Cross Site Scripting Vulnerability ("t4c \[Founder of GHCIF\]"