Published: 2005-10-25 21:02:00
Revised: 2017-07-10 21:33:09

[Original] Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.

[CNNVD] phpBB Avatar Upload HTML Injection Vulnerability (CNNVD-200510-210)

phpBB 2.0.17 has an interpretation conflict. With remote avatars and avatar uploading enabled, a remote authenticated user can inject arbitrary web script or HTML by means of an HTML file carrying a GIF or JPEG file extension; a victim who views the file in Internet Explorer, which renders malformed image types as HTML, executes that HTML, enabling cross-site scripting (XSS) attacks. Note: it could be argued that this vulnerability is caused by a design flaw in Internet Explorer and should be fixed in that browser; if so, the issue should not be treated as a vulnerability in phpBB.

- CVSS (base score)

CVSS score: 3.5 [LOW]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(official data source) MITRE
(official data source) NVD
(official data source) CNNVD

- Other links and resources
(UNKNOWN)  FULLDISC  20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit.
(UNKNOWN)  BUGTRAQ  20051022 phpBB 2.0.17 (and other BB systems as well) Cookie disclosure
(UNKNOWN)  BID  15170
(UNKNOWN)  XF  phpbb-avatar-bypass-security(22837)

- Vulnerability information

phpBB Avatar Upload HTML Injection Vulnerability
Low severity  Cross-site scripting
2005-10-25 00:00:00 2006-06-13 00:00:00

- Advisories and patches


- Vulnerability information

Microsoft IE Embedded Content Processing XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-09-22 2005-07-15
2005-09-22 Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

phpBB Avatar Upload HTML Injection Vulnerability
Input Validation Error 15170
Yes No
2005-10-22 12:00:00 2006-05-10 10:39:00 is credited with the discovery of this vulnerability.

- Affected software versions

phpBB Group phpBB 2.0.17
phpBB Group phpBB 2.0.16
phpBB Group phpBB 2.0.15
phpBB Group phpBB 2.0.14
phpBB Group phpBB 2.0.13
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
phpBB Group phpBB 2.0.18

- Unaffected software versions

phpBB Group phpBB 2.0.18

- Vulnerability discussion

phpBB is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

This issue occurs only when using Microsoft Internet Explorer.
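The root cause described above is a file whose extension says image but whose bytes are HTML, which a sniffing browser then renders. As an added defender-side example (not part of this advisory or of phpBB's own code), the following Python check accepts an avatar only if its leading bytes match the image type its extension claims and no HTML markup appears in the prefix a browser would sniff; the 512-byte window and the tag list are assumptions.

```python
import re

# Magic bytes of the two avatar formats named in the advisory.
GIF_MAGICS = (b"GIF87a", b"GIF89a")
JPEG_MAGIC = b"\xff\xd8\xff"

# Tags whose presence near the start of a file can make a sniffing browser
# treat the response as HTML. The list is an assumption, not exhaustive.
HTML_MARKERS = re.compile(
    rb"<\s*(?:html|head|body|script|iframe|object|embed|meta|title|img|a|div|font|table)\b",
    re.IGNORECASE,
)

# Assumed window: browsers that sniffed content looked at the first few hundred
# bytes, so 512 is a conservative upper bound for this check.
SNIFF_WINDOW = 512


def extension_of(filename: str) -> str:
    """Return the lower-cased extension, or '' if the name has none."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def is_valid_avatar(data: bytes, filename: str) -> bool:
    """True only if the bytes really are the image type the extension claims
    and the sniffable prefix carries no HTML markup."""
    ext = extension_of(filename)
    if ext == "gif":
        if not data.startswith(GIF_MAGICS):
            return False
    elif ext in ("jpg", "jpeg"):
        if not data.startswith(JPEG_MAGIC):
            return False
    else:
        # Anything that is not GIF or JPEG is rejected outright.
        return False
    # A file can begin with a genuine image header and still embed markup, so
    # the magic-byte check alone is not enough; refuse markup in the prefix.
    if HTML_MARKERS.search(data[:SNIFF_WINDOW]):
        return False
    return True
```

Serving accepted files with the matching Content-Type header is still required; this check only decides what is stored.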

- Exploit

No exploit is required.

- Solution

The vendor has acknowledged this vulnerability and will be releasing a patch in the next release (version 2.0.18).

Debian has released advisory DSA 925-1 to address various issues in phpBB. Please see the referenced advisory for more information.

- References