Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability
From: altomo (altomo@digitalgangsters.net)Date: 03/29/02
- Previous message: Lucien Fransman: "Re: Oracle9i TSN DoS Attack"
- Maybe in reply to: Florian Hobelsberger / BlueScreen: "[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Mar 2002 21:51:44 -0600 (CST) From: altomo <altomo@digitalgangsters.net> To: <bugtraq@securityfocus.com>
Zeroforum is vuln to this as well. Notified a few weeks ago and heard
nothing back.
>>After a similar bug was discovered in phpBB 1.4.2, the authors fixed the
>>bug
>>with which JavaScript could inserted by using an [IMG] tag like:
>>
>>[img]javascript:alert('bla')[/img]
- Previous message: Lucien Fransman: "Re: Oracle9i TSN DoS Attack"
- Maybe in reply to: Florian Hobelsberger / BlueScreen: "[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
