Full Disclosure mailing list archives

Re: Unpatched phpBB XSS [in 2.0.16]


From: Dominik Birk <mail () code-foundation de>
Date: Wed, 06 Jul 2005 15:11:12 +0200

PoC is included with the description. I would advise administrators to
disable the rendering of BBCode for the time being, this mitigates the
issue.

According to this Exploit there is still no official answer from PHPBB.
Because of that, I just want to post my personal little version of
bugfixing this problem, with which you can obviate attacks on Users who
use IE, but you will lose the functionality of [url]-Tags.

#
#-----[ OPEN ]------------------------------------------
#
/templates/$template/bbcode.tpl

#
#-----[ FIND ]------------------------------------------
#
<!-- BEGIN url --><a href="{URL}" target="_blank"
class="postlink">{DESCRIPTION}</a><!-- END url -->

#
#-----[ SUBSTITUTE ]------------------------------------
#

//<!-- BEGIN url --><a href="{URL}" target="_blank"
class="postlink">{DESCRIPTION}</a><!-- END url -->
<!-- BEGIN url -->Function currently disabled<!-- END url -->

#
#-----[ SAVE FILE ]------------------------------------
#
EOF

I propose to call these steps off after PHPBB has released an official
bugfix.

HTH

Dominik Birk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
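
The workaround in the message above, applied to every installed template and kept reversible so it can be called off once an official fix is released. This is an added example, not code from the original post or from phpBB. It assumes the `templates/<name>/bbcode.tpl` layout named in the post; the function names and the `.pre-urlfix` backup suffix are hypothetical.

```python
import re
import shutil
from pathlib import Path

# Matches the whole url block, whether it sits on one line or is wrapped.
# Files are handled as bytes so line endings and encoding stay untouched.
URL_BLOCK = re.compile(rb"<!-- BEGIN url -->.*?<!-- END url -->", re.DOTALL)
DISABLED = b"<!-- BEGIN url -->Function currently disabled<!-- END url -->"
BACKUP_SUFFIX = ".pre-urlfix"  # assumed backup name, not from the post


def disable_url_block(tpl_bytes):
    """Return (new_bytes, changed) with the url block replaced by the placeholder."""
    new_bytes, count = URL_BLOCK.subn(DISABLED, tpl_bytes)
    if count == 0:
        # Refuse to report success on a template we did not actually change.
        raise ValueError("no url block found; template layout differs")
    return new_bytes, new_bytes != tpl_bytes


def apply_workaround(forum_root):
    """Patch templates/*/bbcode.tpl under forum_root; return the files changed."""
    changed = []
    for tpl in sorted(Path(forum_root).glob("templates/*/bbcode.tpl")):
        new_bytes, did_change = disable_url_block(tpl.read_bytes())
        if not did_change:
            continue  # already patched: do not overwrite the good backup
        shutil.copy2(tpl, tpl.with_name(tpl.name + BACKUP_SUFFIX))
        tpl.write_bytes(new_bytes)
        changed.append(tpl)
    return changed


def revert_workaround(forum_root):
    """Restore every backed-up bbcode.tpl once an official fix is installed."""
    restored = []
    pattern = "templates/*/bbcode.tpl" + BACKUP_SUFFIX
    for backup in sorted(Path(forum_root).glob(pattern)):
        target = backup.with_name("bbcode.tpl")
        shutil.move(str(backup), str(target))
        restored.append(target)
    return restored
```

Running `apply_workaround` a second time is a no-op, so the backup always holds the original template rather than an already patched copy.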