Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability

Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability

From: <neothermic_at_phpbb.com>
Date: 3 Jan 2008 22:28:53 -0000

('binary' encoding is not supported, stored as-is) This is why browsers block cross-domain AJAX by default. Added to the fact that any action in the ACP requires the SID means that your attack via AJAX would fail.

NeoThermic

phpBB Support Team, Audit Team and Incident Investigation Team Leader
Received on Jan 03 2008

This message: [ Message body ]
Next message: rPath Update Announcements: "rPSA-2008-0004-1 tshark wireshark"
Previous message: Moritz Muehlenhoff: "[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities"
Maybe in reply to: bugtraq_at_opencosmo.com: "phpBB2 2.0.22 Cross Site Scripting Vulnerability"
Next in thread: admin_at_batznet.com: "Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability"
Maybe reply: admin_at_batznet.com: "Re: Re: phpBB2 2.0.22 Cross Site Scripting Vulnerability"
Reply: Aufmuth Andreas: "AW: phpBB2 2.0.22 Cross Site Scripting Vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]