Bugtraq mailing list archives
Re: XSS vulnerability in phpBB (an other ;-)
From: <keupon_ps2 () yahoo fr>
Date: 9 Sep 2003 18:47:28 -0000
In-Reply-To: <20030909171006.23428.qmail () sf-www1-symnsj securityfocus com> Excuse me, i've made a little error in my example. This will not work: [url=www.google.fr" onclick="alert('Hello')]text[/url] but this will work (on phbb 2.0.6): [url=http://www.google.fr" onclick="alert('Hello')]text[/url] I don't remeber who has said that it will work on every version of phpBB but i've tested it on phpBB 2.0.4 and it doesn't work. An other person has said that it only works with this code: [url=http://www.google.fr" onclick="alert('Hello');"]text[/url] I've tested it on 2.0.6 and it works but the code without the ;" works also. If you make over tests, please, indicate which version of phpBB you are using.
Current thread:
- XSS vulnerability in phpBB (an other ;-) keupon_ps2 (Sep 08)
- Re: XSS vulnerability in phpBB (an other ;-) Victor Sheldeshov (Sep 09)
- <Possible follow-ups>
- Re: XSS vulnerability in phpBB (an other ;-) John Smith (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) Michael Renzmann (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) omere (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) keupon_ps2 (Sep 09)
- Re: XSS vulnerability in phpBB (an other ;-) Everett Feldt (Sep 10)
- Re: XSS vulnerability in phpBB (an other ;-) Steven M. Christey (Sep 10)