BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Re: New phpBB ViewTopic.php Cross Site Scripting Vulnerability
Mar 01 2004 11:35PM
t4c [Founder of GHCIF] (t4c ghcif de)
An inofficial fix to this Issue has been released by ghcif.de
PHPBB 2.0.6c XSS Flaw in viewtopic.php
Open and Backup viewtopic.php
Find:
if ( !empty($HTTP_POST_VARS['postorder']) ||
!empty($HTTP_GET_VARS['postorder']${
$post_order = (!empty($HTTP_POST_VARS['postorder'])) ?
$HTTP_POST_V...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
PHPBB 2.0.6c XSS Flaw in viewtopic.php
Open and Backup viewtopic.php
Find:
if ( !empty($HTTP_POST_VARS['postorder']) ||
!empty($HTTP_GET_VARS['postorder']${
$post_order = (!empty($HTTP_POST_VARS['postorder'])) ?
$HTTP_POST_V...
[ more ]