[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XSS vulnerability in phpBB (an other ;-)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: XSS vulnerability in phpBB (an other ;-)
From: <keupon_ps2@xxxxxxxx>
Date: 9 Sep 2003 18:47:28 -0000

In-Reply-To: <20030909171006.23428.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Excuse me, i've made a little error in my example.
This will not work:
[url=www.google.fr" onclick="alert('Hello')]text[/url]
but this will work (on phbb 2.0.6):
[url=http://www.google.fr"; onclick="alert('Hello')]text[/url]

I don't remeber who has said that it will work on every version of phpBB 
but i've tested it on phpBB 2.0.4 and it doesn't work.
An other person has said that it only works with this code:
[url=http://www.google.fr"; onclick="alert('Hello');"]text[/url]
I've tested it on 2.0.6 and it works but the code without the ;" works 
also.

If you make over tests, please, indicate which version of phpBB you are 
using.

Prev by Date: Re: 11 years of inetd default insecurity?
Next by Date: bug in Invision Power Board
Previous by thread: Re: XSS vulnerability in phpBB (an other ;-)
Next by thread: Re: XSS vulnerability in phpBB (an other ;-)
Index(es):
- Date
- Thread