lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030913162250.18186.qmail@sf-www3-symnsj.securityfocus.com>
Date: 13 Sep 2003 16:22:50 -0000
From: Benjamin Tolman <rituel@...la.fr>
To: bugtraq@...urityfocus.com
Subject: PhpBB Admin smiley panel CSS




English version :

I found a CSS in Admin smiley panel that can be used like that :

When you're logged as admin if you put a smiley code like that :)&lt;script&gt;alert('Css work')&lt;/script&gt; and then any smiley picture and description, the Admin smiley panel will show the smiley with the following code :) and the smiley picture and description you wrote before, but a Pop-up will appear saying Css work : Without that pop up it would be impossible for the admin to see that you inject some javascript in his Admin panel.

It can be exploited (For example cookie stealing) if you make a smiley pack and diffuse it or give it to an admin.

----------------------------------------------------------------

French version : Voilà, j'ai trouvé un CSS dans PhpBB faisable à partir du panel d'administration des smileys :

En mettant comme code Smiley : :)&lt;script&gt;alert('Exploit fonctionnel')&lt;/script&gt;

Puis n'importe quel image de smiley et description, le smiley s'affichera normalement sur la page Admin avec comme code :) et affichera la boîte de dialogue Exploit fonctionnel.

Il suffit alors de créer un pack smiley et de le diffuser ou de donner à un Admin pour le piéger.

Benjamin Tolman (Rituel)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ