[Full-disclosure] Unpatched phpBB XSS [in 2.0.16]
Aaron Horst
anthrax101 at gmail.com
Tue Jul 5 21:43:04 BST 2005
This exploit is already circulating, so I am posting a notice here.
There is a way to exploit IE's HTML rendering engine to render invalid
HTML code, embedded within a link. This can be used to bypass phpBB's
filtering system to cause a cross site scripting issue.
A description in Russian is available here: http://antichat.ru/txt/phpbb/
PoC is included with the description. I would advise administrators to
disable the rendering of BBCode for the time being, this mitigates the
issue.
--
AnthraX101 -- PGP Key ID# 0x4CD6D0BD
Fingerprint:
8161 D008 3DAB 86C1 2CA3 AEDE 0E21 DBDE 4CD6 D0BD
Full-Disclosure is hosted and sponsored by Secunia.