[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]

To: Aaron Horst <anthrax101@xxxxxxxxx>
Subject: Re: [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
From: Dominik Birk <mail@xxxxxxxxxxxxxxxxxx>
Date: Wed, 06 Jul 2005 15:11:12 +0200

> PoC is included with the description. I would advise administrators to
> disable the rendering of BBCode for the time being, this mitigates the
> issue.

According to this Exploit there is still no official answer from PHPBB.
Because of that, I just want to post my personal little version of
bugfixing this problem, with which you can obviate attacks on Users who
use IE, but you will loose the functionality of [url]-Tags.

#
#-----[ OPEN ]------------------------------------------
#
/templates/$template/bbcode.tpl

#
#-----[ FIND ]------------------------------------------
#
<!-- BEGIN url --><a href="{URL}" target="_blank"
class="postlink">{DESCRIPTION}</a><!-- END url -->

#
#-----[ SUBSTITUTE ]------------------------------------
#

//<!-- BEGIN url --><a href="{URL}" target="_blank"
class="postlink">{DESCRIPTION}</a><!-- END url -->
<!-- BEGIN url -->Function currently disabled<!-- END url -->

#
#-----[ SAVE FILE ]------------------------------------
#
EOF

I propose to call this steps off after PHPBB has released an official
bugfix.

HTH

Dominik Birk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
  - From: Aaron Horst

Prev by Date: [Full-disclosure] [ GLSA 200507-04 ] RealPlayer: Heap overflow vulnerability
Next by Date: [Full-disclosure] [USN-148-1] zlib vulnerability
Previous by thread: [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
Next by thread: [Full-disclosure] OWASP-SoCal 07/19 Meeting - Speakers and Topics
Index(es):
- Date
- Thread