[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability
From: neothermic@xxxxxxxxx
Date: 3 Jan 2008 22:28:53 -0000

This is why browsers block cross-domain AJAX by default. Added to the fact that 
any action in the ACP requires the SID means that your attack via AJAX would 
fail.

NeoThermic

phpBB Support Team, Audit Team and Incident Investigation Team Leader

Follow-Ups:
- AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability
  - From: Aufmuth Andreas

Prev by Date: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Next by Date: rPSA-2008-0004-1 tshark wireshark
Previous by thread: Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability
Next by thread: AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability
Index(es):
- Date
- Thread