Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19450
HistoryMar 19, 2008 - 12:00 a.m.

phpBB 2.0.23 Session Hijacking Vulnerability

2008-03-1900:00:00
vulners.com
27
JSON

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
phpBB 2.0.23 Session Hijacking Vulnerability +
found by NBBN 13 Mar 2008 +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

::Information about this vulnerabilty
If a moderator or an admin close a thread in phpBB 2.0.X, the sessionid
is sending with GET:

http://site.tld/phpBB2/modcp.php?t=1&mode=lock&sid=[session]

The admin/moderator are going to be redirected to the thread(with the
session). If an attacker has posted an image in his post, he can see the
referer and so the session id. And if the attacker have a good day and
the admin close the thread, he can use all admin-functions with csrf.

::Fix

No fix

::Workaround

Upgrade to phpBB3

::Tested under:

phpBB 2.0.23 (localhost)

JSON