91 phpBB viewforum.php cross site scripting CGI 2004/03/23 Marc Ruef marc dot ruef at computec dot ch http://www.computec.ch computec.ch Marc Ruef marc dot ruef at computec dot ch http://www.computec.ch computec.ch 2004/11/14 2.0 Corrected the plugin structure and added the accuracy values in 1.2. Improved the pattern matching and introduced the plugin changelog in 2.0 tcp 80 open|send GET /viewforum.php?f=10&postdays=99 HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### ** 99 There is a similar check done in ATK plugin id 90. http://www.securityfocus.com/archive/1/357401 phpBB Group phpBB 2.0 to 2.0.6 phpBB Group phpBB newer than 2.0.6 and other web boards Cross Site Scripting The remote host is running phpBB. There is a cross site scripting vulnerability in the files ViewTopic.php and ViewForum.php Upgrade to the latest version of this software and limit unwanted connections and communications with firewalling. 1 hour Yes http://www.securityfocus.com/bid/9866/exploit/ Yes Yes Medium 8 8 8 8 Serious Nessus is able to do the same check. 9866 12093 Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 http://www.computec.ch