Multiple Vulnerabilities in TinyPHPForum

Summary

Vulnerability
Multiple Vulnerabilities in TinyPHPForum
Discovered
2006.01.05
Last Update
n/a
ID
EV0014
CVE
CVE-2006-0102 CVE-2006-0103 CVE-2006-0104
Risk Level
medium
Type
Multiple Vulnerabilities
Status
Unpatched
Vendor
n/a
Vulnerable Software
TinyPHPForum (http://www.ralpharama.co.uk/tpf/)
Version
3.6 and earlier
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple vulnerabilities were found in the TinyPHPForum (http://www.ralpharama.co.uk/tpf/) script.

1. Arbitrary script execution is possible when posting a link.

Vulnerable Script: action.php

Variable: $txt

Condition: a visitor needs to click the posted link.

2. Registered users information disclosure.

The users directory is not protected by .htaccess in the default installation.

3. Directory Traversal is possible.

- affected actions: creating a new user, creating a new topic, viewing a user's profile

PoC/Exploit

1. Arbitrary script execution. Example:

XSS code: [a]javascript:alert("hello")[/a]

2. Users information disclosure:

http://host/tpf/users/anyuser.hash
http://host/tpf/users/anyuser.email

3. Directory Traversal Example:

User profile:
http://host/tpf/profile.php?action=view&uname=../../username
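The three issues above share two root causes: untrusted input reaching HTML output unfiltered, and untrusted input reaching the filesystem unfiltered. The PHP below is an added example written for this page, not code from TinyPHPForum or its author; the function names, the use of the .email file as the profile record, and the users directory location are assumptions for illustration.

```php
<?php
// Added example (not TinyPHPForum's own code): input handling that would
// close the script-level issues in this advisory. Function names and the
// ".email" profile file suffix are assumptions for illustration.

// Issue 1: [a]...[/a] links in $txt. Only http/https targets become links;
// a javascript: (or any other) scheme is rendered as inert text.
function render_bbcode_links(string $txt): string {
    $escaped = htmlspecialchars($txt, ENT_QUOTES, 'UTF-8');   // escape first
    return preg_replace_callback(
        '#\[a\](.*?)\[/a\]#is',
        function (array $m): string {
            $shown = trim($m[1]);                               // HTML-escaped
            $raw   = html_entity_decode($shown, ENT_QUOTES, 'UTF-8');
            $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
            if (!in_array($scheme, ['http', 'https'], true)) {  // allowlist
                return $shown;                                  // text, no <a>
            }
            return '<a href="' . $shown . '" rel="noopener">' . $shown . '</a>';
        },
        $escaped
    );
}

// Issue 3: uname from profile.php?action=view&uname=... must never carry
// path separators or "..". An allowlist of username characters rejects
// traversal before any filesystem call; realpath() is a second check.
function user_profile_path(string $uname, string $usersDir): ?string {
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $uname)) {
        return null;                             // "../../username" stops here
    }
    $base = realpath($usersDir);
    $path = ($base === false) ? false
          : realpath($base . DIRECTORY_SEPARATOR . $uname . '.email');
    // Confirm the resolved file still lives inside the users directory.
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Issue 2: the users directory itself needs a deny rule, e.g. an .htaccess
// containing "Require all denied" (Apache 2.4) or "Deny from all" (2.2),
// or better, user records stored outside the web root entirely.

// Constructed sample inputs mirroring the advisory's PoC strings.
echo render_bbcode_links('see [a]javascript:alert("hello")[/a] and [a]http://example.com/[/a]'), "\n";
var_dump(user_profile_path('../../username', __DIR__ . '/users'));
```

The javascript: link is emitted as escaped text rather than an anchor, and the traversal value is rejected by the character allowlist before realpath() is ever consulted.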

Solution.

Solution for "Multiple Vulnerabilities in TinyPHPForum" is not available. Check vendor's website for updates.