Bugtraq mailing list archives

RE: CSS in phpBB 1.4.4

From: "Paul Owen" <paul () ettanet com>
Date: Wed, 15 Dec 2004 22:15:33 -0000

phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack.

[Vulnerable]

You can put vbscript in [img] bbcode tags.
For example:

[img]vbscript: alert(document.cookie)[/img]


phpBB 1.x hasn't been supported for over two years. All users of phpBB
1.x have been long advised to switch to phpBB 2.x or other system (as
they see fit).

psoTFX - phpbb.com

Current thread:

CSS in phpBB 1.4.4 SandI] (Dec 15)
- <Possible follow-ups>
- RE: CSS in phpBB 1.4.4 Paul Owen (Dec 15)