[31492] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: XSS vulnerability in phpBB (an other ;-)

daemon@ATHENA.MIT.EDU (Michael Renzmann)
Tue Sep 9 13:25:00 2003

Message-ID: <3F5E0239.5090308@dylanic.de>
Date: Tue, 09 Sep 2003 18:39:21 +0200
From: Michael Renzmann <security@dylanic.de>
MIME-Version: 1.0
To: John Smith <sgaesux@Phreaker.net>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20030909072405.5AB411A01C8@smtp-1.hotpop.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi.

John Smith wrote:
> [url=http://www.izhal.com" onclick=alert("bug");"]test[/url]

Checked that variant with phpBB 2.0.1 again, and it didn't work as well. 
Seems as this version is not vulnerable.

Bye, Mike


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[31492] in bugtraq

Re: XSS vulnerability in phpBB (an other ;-)

daemon@ATHENA.MIT.EDU (Michael Renzmann)Tue Sep 9 13:25:00 2003

daemon@ATHENA.MIT.EDU (Michael Renzmann)
Tue Sep 9 13:25:00 2003