[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Unpatched phpBB XSS [in 2.0.16]

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
From: Aaron Horst <anthrax101@xxxxxxxxx>
Date: Tue, 5 Jul 2005 16:43:04 -0400

This exploit is already circulating, so I am posting a notice here.
There is a way to exploit IE's HTML rendering engine to render invalid
HTML code, embedded within a link. This can be used to bypass phpBB's
filtering system to cause a cross site scripting issue.

A description in Russian is available here: http://antichat.ru/txt/phpbb/

PoC is included with the description. I would advise administrators to
disable the rendering of BBCode for the time being, this mitigates the
issue.

-- 
AnthraX101 -- PGP Key ID# 0x4CD6D0BD
Fingerprint:
8161 D008 3DAB 86C1 2CA3  AEDE 0E21 DBDE 4CD6 D0BD
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
  - From: Dominik Birk

Prev by Date: [Full-disclosure] iDEFENSE Security Advisory 07.05.05: Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow Vulnerability
Next by Date: Re: [Full-disclosure] XSS in nested tag in phpbb 2.0.16
Previous by thread: [Full-disclosure] iDEFENSE Security Advisory 07.05.05: Adobe Acrobat Reader UnixAppOpenFilePerform() Buffer Overflow Vulnerability
Next by thread: Re: [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
Index(es):
- Date
- Thread