Multiple Vulnerabilities in TinyPHPForum
Summary
- Vulnerability
- Multiple Vulnerabilities in TinyPHPForum
- Discovered
- 2006.01.05
- Last Update
- n/a
- ID
- EV0014
- CVE
- CVE-2006-0102 CVE-2006-0103 CVE-2006-0104
- Risk Level
- medium
- Type
- Multiple Vulnerabilities
- Status
- Unpatched
- Vendor
- n/a
- Vulnerable Software
- TinyPHPForum (http://www.ralpharama.co.uk/tpf/)
- Version
- 3.6 and earlier
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the TinyPHPForum (http://www.ralpharama.co.uk/tpf/) script.
1. Arbitrary script execution is possible when posting a link.
Vulnerable Script: action.php
Variable: $txt
Condition: a visitor needs to click the posted link
2. Registered users information disclosure.
The users directory is not protected by .htaccess in the default installation.
3. Directory Traversal is possible.
- Affected actions: creating a new user, creating a new topic, viewing a user's profile
PoC/Exploit
1. Arbitrary script execution. Example:
XSS code: [a]javascript:alert("hello")[/a]
2. Users information disclosure:
http://host/tpf/users/anyuser.hash
http://host/tpf/users/anyuser.email
3. Directory Traversal Example:
User profile:
http://host/tpf/profile.php?action=view&uname=../../username
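The two code-level issues above (a link tag in $txt rendered with an arbitrary URL scheme, and a uname parameter used as a file name) are both missing input validation. The following PHP is an added example written for this advisory; it is not TinyPHPForum code, and the function names, the users directory layout and the ".profile" suffix are assumptions for illustration. It shows an allowlist of URL schemes for [a]...[/a] tags and a user-name check that rejects path separators before the name reaches the filesystem.

```php
<?php
// Added example, not TinyPHPForum code. Function names and file layout are assumed.

// Issue 1: only http/https (or scheme-less relative) URLs may become a link href,
// so "javascript:" and similar schemes posted inside [a]...[/a] are never rendered as links.
function safe_link_href(string $href): ?string
{
    $href = trim($href);
    // No scheme at all: a relative link, safe once HTML-encoded.
    if (!preg_match('#^[a-z][a-z0-9+.-]*:#i', $href)) {
        return $href;
    }
    $scheme = strtolower((string) parse_url($href, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $href : null;
}

// Convert [a]URL[/a] tags in post text to anchors; everything else is HTML-encoded.
function render_link_tags(string $txt): string
{
    $txt = htmlspecialchars($txt, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback('#\[a\](.+?)\[/a\]#s', function (array $m): string {
        $href = safe_link_href(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
        if ($href === null) {
            return $m[1]; // rejected scheme: shown as plain (encoded) text, not a link
        }
        $enc = htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
        return '<a href="' . $enc . '" rel="nofollow">' . $enc . '</a>';
    }, $txt);
}

// Issue 3: map a user name to a profile file only if it is a plain identifier,
// then confirm the resolved path is still inside the users directory.
function user_profile_path(string $usersDir, string $uname): ?string
{
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $uname)) {
        return null; // rejects "../", slashes, NUL bytes and empty names
    }
    $base = realpath($usersDir);
    $real = realpath($usersDir . DIRECTORY_SEPARATOR . $uname . '.profile');
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Constructed inputs mirroring the advisory's examples.
echo render_link_tags('[a]javascript:alert("hello")[/a] and [a]https://example.com/[/a]'), "\n";
var_dump(user_profile_path(__DIR__ . '/users', '../../username')); // NULL
var_dump(user_profile_path(__DIR__ . '/users', 'alice'));          // NULL unless users/alice.profile exists
```

The traversal check is deliberately two-layered: the regular expression refuses anything that is not a bare identifier, and the realpath comparison catches a directory layout where the users directory itself is a symlink or where the allowlist is later loosened. For issue 2, no code change is needed; the users directory should be placed outside the web root or denied to the web server (for Apache, a .htaccess containing `Deny from all`), so that the .hash and .email files are never served directly.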
Solution
Solution for "Multiple Vulnerabilities in TinyPHPForum" is not available. Check vendor's website for updates.