[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XSS vulnerability in phpBB (an other ;-)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: XSS vulnerability in phpBB (an other ;-)
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Tue, 9 Sep 2003 19:14:01 -0400 (EDT)

keupon_ps2@xxxxxxxx said:

>but this will work (on phbb 2.0.6):
>[url=http://www.google.fr"; onclick="alert('Hello')]text[/url]
>
>I don't remeber who has said that it will work on every version of phpBB
>but i've tested it on phpBB 2.0.4 and it doesn't work.
>An other person has said that it only works with this code:
>[url=http://www.google.fr"; onclick="alert('Hello');"]text[/url]
>I've tested it on 2.0.6 and it works but the code without the ;" works
>also.

These discrepancies might be due to differences in how web browsers
render "bad" HTML, rather than a quirk in phpBB.

Since the first example URL doesn't have a closing double-quote
character in the onclick value, some browsers may ignore it
altogether.

It seems likely that some types of XSS-style attacks would only work
in certain web browsers.

Which browsers (and versions) were used when testing this bug?

- Steve

Prev by Date: Attemps with Ikonboard 3.1.2a
Next by Date: Re: BAD NEWS: Microsoft Security Bulletin MS03-032 another temporary solution
Previous by thread: Re: XSS vulnerability in phpBB (an other ;-)
Next by thread: Escapade Scripting Engine XSS Vulnerability and Path Disclosure
Index(es):
- Date
- Thread