Bugtraq mailing list archives
Re: XSS vulnerability in phpBB (an other ;-)
From: Victor Sheldeshov <mrlomax () mail ru>
Date: Tue, 9 Sep 2003 10:09:57 +0400
Hello keupon,

Tuesday, September 9, 2003, 1:43:59 AM, you wrote:

kyf> Hello, I've just found a new XSS vulnerability in phpBB 2.0.6 (I'm not
kyf> sure but I don't think that other versions are vulnerable).
kyf> This vulnerability is located in the [url][/url] bbcode.
kyf> You can insert JavaScript by doing a thing like that:
kyf> [url=www.google.fr" onclick=alert('Hello')]text[/url]

I think my phpBB 2.0.5 is not vulnerable.
I posted "[url=www.google.fr" onclick=alert('Hello')]text[/url]" into the body of the post.
No URL link appeared, but I saw the whole string "[url=www.google.fr" onclick=alert('Hello')]text[/url]" in my post.
Was I wrong? Where do we need to place that string?

--
Best regards,
Victor mailto:mrlomax () mail ru

Topic: When a ruler speaks of caring for the good of the people, he wants to win their trust for yet another deception.
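The [url] attribute breakout discussed in this message, as an added PHP example that is not part of the original post and is not phpBB's code: a hypothetical naive renderer beside a hardened one. The function names, the regular expressions and the http(s)-only rule are assumptions made for illustration.

```php
<?php
// Added illustration: a hypothetical minimal [url=...] renderer, not phpBB's code.

// Naive: the captured target is pasted into href="..." unescaped, so a
// double quote inside the target ends the attribute early and whatever
// follows is parsed by the browser as further attributes of the <a> tag.
function render_url_naive(string $post): string
{
    return preg_replace(
        '#\[url=([^\]]+)\](.*?)\[/url\]#s',
        '<a href="http://$1">$2</a>',
        $post
    );
}

// Hardened: escape the whole post first, then accept only targets that
// are free of quotes, angle brackets and whitespace and use http(s).
function render_url_safe(string $post): string
{
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');

    return preg_replace_callback(
        '#\[url=([^\]\s]+)\](.*?)\[/url\]#s',
        function (array $m): string {
            // Decode so validation sees the characters the user typed.
            $target = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $target)) {
                $target = 'http://' . $target;
            }
            $scheme = strtolower((string) parse_url($target, PHP_URL_SCHEME));
            if (!in_array($scheme, ['http', 'https'], true)
                || preg_match('/["\'<>\s\x00-\x1f]/', $target)) {
                return $m[0]; // rejected: tag stays as escaped literal text
            }
            // $m[2] comes from $escaped, so the link text is already safe.
            return '<a href="' . htmlspecialchars($target, ENT_QUOTES, 'UTF-8')
                . '">' . $m[2] . '</a>';
        },
        $escaped
    );
}

// The string quoted in the post above, then a well-formed tag (constructed).
$reported = '[url=www.google.fr" onclick=alert(\'Hello\')]text[/url]';
echo render_url_naive($reported), "\n";
echo render_url_safe($reported), "\n";
echo render_url_safe('[url=www.google.fr]text[/url]'), "\n";
```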
Current thread:
- XSS vulnerability in phpBB (an other ;-) keupon_ps2 (Sep 08)
- Re: XSS vulnerability in phpBB (an other ;-) Victor Sheldeshov (Sep 09)
- <Possible follow-ups>
- Re: XSS vulnerability in phpBB (an other ;-) John Smith (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) Michael Renzmann (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) omere (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) keupon_ps2 (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) Everett Feldt (Sep 10)
- Re: XSS vulnerability in phpBB (an other ;-) Steven M. Christey (Sep 10)