Bugtraq mailing list archives

Re: XSS vulnerability in phpBB (an other ;-)

From: Michael Renzmann <security () dylanic de>
Date: Tue, 09 Sep 2003 18:39:21 +0200

Hi.

John Smith wrote:

[url=http://www.izhal.com"; onclick=alert("bug");"]test[/url]

Checked that variant with phpBB 2.0.1 again, and it didn't work as well.Seems as this version is not vulnerable.


Bye, Mike

Current thread:

XSS vulnerability in phpBB (an other ;-) keupon_ps2 (Sep 08)
- Re: XSS vulnerability in phpBB (an other ;-) Victor Sheldeshov (Sep 09)
- <Possible follow-ups>
- Re: XSS vulnerability in phpBB (an other ;-) John Smith (Sep 09)
  - Re: XSS vulnerability in phpBB (an other ;-) Michael Renzmann (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) omere (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) keupon_ps2 (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) Everett Feldt (Sep 10)
- Re: XSS vulnerability in phpBB (an other ;-) Steven M. Christey (Sep 10)