Home page logo

bugtraq logo Bugtraq mailing list archives

Re: XSS vulnerability in phpBB (an other ;-)
From: <keupon_ps2 () yahoo fr>
Date: 9 Sep 2003 18:47:28 -0000

In-Reply-To: <20030909171006.23428.qmail () sf-www1-symnsj securityfocus com>

Excuse me, i've made a little error in my example.
This will not work:
[url=www.google.fr" onclick="alert('Hello')]text[/url]
but this will work (on phbb 2.0.6):
[url=http://www.google.fr"; onclick="alert('Hello')]text[/url]

I don't remeber who has said that it will work on every version of phpBB 
but i've tested it on phpBB 2.0.4 and it doesn't work.
An other person has said that it only works with this code:
[url=http://www.google.fr"; onclick="alert('Hello');"]text[/url]
I've tested it on 2.0.6 and it works but the code without the ;" works 

If you make over tests, please, indicate which version of phpBB you are 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]