XSS discovered in phpBB 2.0.18 and prior!

Place to discuss anything, almost. No politics, religion, Microsoft, or anything else that I (the nazi censor) deem inappropriate.
Post Reply
ZiaTioN
administrator
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm
Contact:

XSS discovered in phpBB 2.0.18 and prior!

Post by ZiaTioN »

A XSS vulnerability has been discovered in phpBB 2.0.18. It was reported almost a month ago. The phpBB team has released version 2.0.19 in response to this vulnerability along with a path disclosure issue that existed in 2.0.18. I posted a lengthy example to the exploit here.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main »

Thanks for the heads up! To be clear, HTML must be enabled before the vulnerability can be exposed correct?

ZiaTioN
administrator
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm
Contact:

Post by ZiaTioN »

Correct

Post Reply