Re: XSS phpBB 2.0.21 in administration
From: "Jessica Hope" <jessicasaulhope () googlemail com>
Date: Sat, 15 Jul 2006 21:48:56 +0100
I never quite get what the point of these reports is. Unless I'm
mistaken, in order to do *any* of those XSS attacks, you have to be an
admin already. At which point the attacks become pointless (as why XSS
when you can just nab a backup of their database?)

Are you going to go to, say, vB's style editor next and say "OMG you
can put XSS in it?!"

Here's a little secret: database restore options on any forum package
out there allow you to execute any SQL you wish! You just need to be
an admin to do it.