RE: [Full-Disclosure] New phpBB ViewTopic.php Cross Site Scripting Vulnerability (with fix)
- To: "'full-disclosure@xxxxxxxxxxxxxxxx'" <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] New phpBB ViewTopic.php Cross Site Scripting Vulnerability (with fix)
- From: David Vincent <david.vincent@xxxxxxxxxxxxxx>
- Date: Mon, 1 Mar 2004 11:17:53 -0800
> On 02/28/04 Cheng Peng Su released the following Advisory:
>
> ################################################
> Advisory Name: New phpBB ViewTopic.php Cross Site Scripting
> Vulnerability
> Release Date: Feb 29, 2004
> Application: phpBB
> Platform: PHP
> Version Affected: the latest version
> Vendor URL: http://www.phpbb.com/
> Discover: Cheng Peng Su (apple_soup_at_msn.com)
> ################################################
>
> Details:
> ~ This vuln is similar to Arab VieruZ's advisory 'XSS bug in
> phpBB'; this time the problem is not in 'highlight', but in
> 'postorder'. We can inject HTML code; such code could be used to steal
> cookie information.
exactly what version is this? they've released a new one as of March 01.
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=177594
new version is 2.0.6d.
-d
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html