Full Disclosure mailing list archives
Re: Unpatched phpBB XSS [in 2.0.16]
From: Dominik Birk <mail () code-foundation de>
Date: Wed, 06 Jul 2005 15:11:12 +0200
PoC is included with the description. I would advise administrators to disable the rendering of BBCode for the time being; this mitigates the issue.
According to this Exploit there is still no official answer from PHPBB. Because of that, I just want to post my personal little version of bugfixing this problem, with which you can obviate attacks on Users who use IE, but you will lose the functionality of [url]-Tags.

#
#-----[ OPEN ]------------------------------------------
#
/templates/$template/bbcode.tpl

#
#-----[ FIND ]------------------------------------------
#
<!-- BEGIN url --><a href="{URL}" target="_blank" class="postlink">{DESCRIPTION}</a><!-- END url -->

#
#-----[ SUBSTITUTE ]------------------------------------
#
//<!-- BEGIN url --><a href="{URL}" target="_blank" class="postlink">{DESCRIPTION}</a><!-- END url -->
<!-- BEGIN url -->Function currently disabled<!-- END url -->

#
#-----[ SAVE FILE ]------------------------------------
#
# EOF

I propose to call these steps off after PHPBB has released an official bugfix.

HTH
Dominik Birk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Unpatched phpBB XSS [in 2.0.16] Aaron Horst (Jul 05)
- Re: Unpatched phpBB XSS [in 2.0.16] Dominik Birk (Jul 06)
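
Added example, not part of the original post or of phpBB: Python code that applies the [url] template substitution from the message above to every templates/*/bbcode.tpl under a board root, keeps a backup of each file, and restores the originals once an official fix is installed. The backup suffix, the function names and the sample template contents are assumptions made for this illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

# The block name "url" and the replacement text come from the post.
URL_BLOCK = re.compile(rb"<!-- BEGIN url -->.*?<!-- END url -->", re.S)
DISABLED = b"<!-- BEGIN url -->Function currently disabled<!-- END url -->"
BACKUP_SUFFIX = ".pre-urlfix"  # assumed backup name, not from the post


def apply_workaround(phpbb_root):
    """Disable the [url] block in each template; return the files changed."""
    changed = []
    for tpl in sorted(Path(phpbb_root).glob("templates/*/bbcode.tpl")):
        original = tpl.read_bytes()  # bytes keep line endings untouched
        patched = URL_BLOCK.sub(lambda m: DISABLED, original)
        if patched == original:
            continue  # already disabled, or no [url] block present
        backup = tpl.with_name(tpl.name + BACKUP_SUFFIX)
        if not backup.exists():  # never overwrite the first backup
            shutil.copy2(tpl, backup)
        tpl.write_bytes(patched)
        changed.append(tpl)
    return changed


def restore(phpbb_root):
    """Put the backed-up templates back; return the files restored."""
    restored = []
    pattern = "templates/*/bbcode.tpl" + BACKUP_SUFFIX
    for backup in sorted(Path(phpbb_root).glob(pattern)):
        target = backup.with_name("bbcode.tpl")
        backup.replace(target)  # overwrites the patched copy
        restored.append(target)
    return restored


def make_sample_board(root):
    """Constructed sample: two templates holding the [url] line from the post."""
    line = (b'<!-- BEGIN url --><a href="{URL}" target="_blank" '
            b'class="postlink">{DESCRIPTION}</a><!-- END url -->\r\n')
    for name in ("subSilver", "custom"):
        tpl_dir = Path(root, "templates", name)
        tpl_dir.mkdir(parents=True)
        header = b"<!-- BEGIN b_open --><b><!-- END b_open -->\r\n"
        (tpl_dir / "bbcode.tpl").write_bytes(header + line)
    return line


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample_board(root)
        print("patched:", [str(p) for p in apply_workaround(root)])
        print("restored:", [str(p) for p in restore(root)])
```

Running apply_workaround a second time changes nothing, so it can be re-run after adding a new template directory.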