TUCoPS :: Web BBS :: Frequently Exploited :: hack7566.htm

phpBB - Multiple vulns in Topic Calendar 1.0.1 for phpBB
Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB

* Advisory #8
* Title: Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB
* Author: Alberto Trivero
* English Version: Alberto Trivero
* Product: Topic Calendar 1.0.1
* Type: Multiple Vulnerabilities
* Web: http://www.codebug.org/ 

--) Software Page (www.phpbb.com/phpBB/viewtopic.php?t=150857) 

Topic Calendar is a quite widespread MOD for phpBB all version that will add
a calendar
to the board, using topics as event. The authorizations are managed at
forums, groups
and users level, as the standard phpBB auths.

--) Full Path Disclosure

If phpBB is running on a Microsoft IIS Server, it's possible to obtain the
full path by
sending simples requests like these:


Note that these requests doesn't works under the others webservers like

--) Cross-Site Scripting (XSS)

Let's look at code from calendar_scheduler.php at line 82:


and at line 375:


$start is a variable that can be controlled by a remote user, and, as we can
see, there
isn't any control on she, so anyone con inject some HTML code like:


that will change the HTML line in:

   " />

executing the  tag that show, in this case, the cookies.
This is the complete URL:

http://www.example.com/phpbb/calendar_scheduler.php?start=%22%3 E%3Cscript%3E

--) Patch

To fix the XSS bug we can use the function intval() at line 85 of



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH