Message-ID: <4044F660.3040206@ghcif.de>
From: t4c at ghcif.de (t4c [Founder of GHCIF])
Subject: New phpBB ViewTopic.php Cross Site Scripting Vulnerability (with fix)

It's for 2.0.6c and above.
You can fix it using their fix or the one
http://www.ghcif.de/adv/phpbb206_viewtopic.txt

There's a phpBB announcement on how to fix the hole.

greets Milan

David Vincent wrote:
>>On 02/28/04 Cheng Peng Su released the following Advisory:
>>
>>################################################
>>Advisory Name: New phpBB ViewTopic.php Cross Site Scripting
>>Vulnerability
>>Release Date: Feb 29,2004
>>Application: phpBB
>>Platform: PHP
>>Version Affected: the latest version
>>Vendor URL: http://www.phpbb.com/
>>Discover: Cheng Peng Su(apple_soup_at_msn.com)
>>################################################
>>
>>Details:
>>~ This vuln is similar to Arab VieruZ's advisory 'XSS bug in
>>phpBB'; this time the problem is not in 'highlight', but in
>>'postorder'. We can inject HTML code; such code could be used to steal
>>cookie information.
>
>
>
> exactly what version is this? they've released a new one as of March 01.
>
> http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=177594
>
> new version is 2.0.6d.
>
> -d
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>

-- 
Milan 't4c' Berger
Network & Security Administrator
21073 Hamburg
gpg: http://www.ghcif.de/keys/t4c.asc
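
The 'postorder' problem named in the quoted advisory, as an added example that is not part of the original message and is not phpBB's code or either of the fixes mentioned above. It assumes 'postorder' is a sort direction taking asc or desc and is echoed into a link on the page; the function names and the URL layout are hypothetical.

```php
<?php
// Added illustration: hypothetical helpers, not phpBB source.

// "Before": the request value is copied into the link unchanged,
// so any markup it carries becomes part of the page.
function pagination_link_unsafe(int $topicId, string $postOrder): string
{
    return '<a href="viewtopic.php?t=' . $topicId
         . '&postorder=' . $postOrder . '">Next</a>';
}

// Reduce the parameter to one of two known values. Anything else,
// including an array from ?postorder[]=x, falls back to the default.
function normalize_post_order($raw): string
{
    return (is_string($raw) && strtolower($raw) === 'desc') ? 'desc' : 'asc';
}

// "After": allowlist the value, URL-encode the query string, then
// HTML-escape the whole attribute value before it is written out.
function pagination_link_safe(int $topicId, $rawPostOrder): string
{
    $query = http_build_query([
        't'         => $topicId,
        'postorder' => normalize_post_order($rawPostOrder),
    ]);
    return '<a href="viewtopic.php?'
         . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . '">Next</a>';
}

// Constructed input: a value that closes the attribute and adds a tag.
$constructed = 'asc"><b>injected</b>';

echo pagination_link_unsafe(42, $constructed), "\n"; // markup lands in the page
echo pagination_link_safe(42, $constructed), "\n";   // value replaced by the default
echo pagination_link_safe(42, 'DESC'), "\n";         // valid value, normalised
echo pagination_link_safe(42, ['x']), "\n";          // non-string input handled
```

The allowlist alone closes this parameter; escaping at output is kept as well so that a later change to the accepted values does not reopen the hole.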