Full Disclosure mailing list archives

Unpatched phpBB XSS [in 2.0.16]

From: Aaron Horst <anthrax101 () gmail com>
Date: Tue, 5 Jul 2005 16:43:04 -0400

This exploit is already circulating, so I am posting a notice here.
There is a way to exploit IE's HTML rendering engine to render invalid
HTML code, embedded within a link. This can be used to bypass phpBB's
filtering system to cause a cross site scripting issue.

A description in Russian is available here: http://antichat.ru/txt/phpbb/

PoC is included with the description. I would advise administrators to
disable the rendering of BBCode for the time being, this mitigates the
issue.

-- 
AnthraX101 -- PGP Key ID# 0x4CD6D0BD
Fingerprint:
8161 D008 3DAB 86C1 2CA3  AEDE 0E21 DBDE 4CD6 D0BD
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Unpatched phpBB XSS [in 2.0.16] Aaron Horst (Jul 05)
- Re: Unpatched phpBB XSS [in 2.0.16] Dominik Birk (Jul 06)