Re: [Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
From: Dominik Birk (mail_at_code-foundation.de)
Date: 07/06/05
- Previous message: Thierry Carrez: "[Full-disclosure] [ GLSA 200507-04 ] RealPlayer: Heap overflow vulnerability"
- In reply to: Aaron Horst: "[Full-disclosure] Unpatched phpBB XSS [in 2.0.16]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Aaron Horst <anthrax101@gmail.com> Date: Wed, 06 Jul 2005 15:11:12 +0200
> PoC is included with the description. I would advise administrators to
> disable the rendering of BBCode for the time being, this mitigates the
> issue.
According to this Exploit there is still no official answer from PHPBB.
Because of that, I just want to post my personal little version of
bugfixing this problem, with which you can obviate attacks on Users who
use IE, but you will loose the functionality of [url]-Tags.
#
#-----[ OPEN ]------------------------------------------
#
/templates/$template/bbcode.tpl
#
#-----[ FIND ]------------------------------------------
#
<!-- BEGIN url --><a href="{URL}" target="_blank"
class="postlink">{DESCRIPTION}</a><!-- END url -->
#
#-----[ SUBSTITUTE ]------------------------------------
#
//<!-- BEGIN url --><a href="{URL}" target="_blank"
class="postlink">{DESCRIPTION}</a><!-- END url -->
<!-- BEGIN url -->Function currently disabled<!-- END url -->
#
#-----[ SAVE FILE ]------------------------------------
#
EOF
I propose to call this steps off after PHPBB has released an official
bugfix.
HTH
Dominik Birk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Thierry Carrez: "[Full-disclosure] [ GLSA 200507-04 ] RealPlayer: Heap overflow vulnerability"
- In reply to: Aaron Horst: "[Full-disclosure] Unpatched phpBB XSS [in 2.0.16]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
