Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: CSS in phpBB 1.4.4
From: "Paul Owen" <paul () ettanet com>
Date: Wed, 15 Dec 2004 22:15:33 -0000

phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack.

[Vulnerable]

You can put vbscript in [img] bbcode tags.
For example:

[img]vbscript: alert(document.cookie)[/img]

phpBB 1.x hasn't been supported for over two years. All users of phpBB
1.x have been long advised to switch to phpBB 2.x or other system (as
they see fit).

psoTFX - phpbb.com


  By Date           By Thread  

Current thread:
  • CSS in phpBB 1.4.4 SandI] (Dec 16)
    • <Possible follow-ups>
    • RE: CSS in phpBB 1.4.4 Paul Owen (Dec 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]