PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnerability

It has been reported that one of the scripts included with phpBB is prone to a cross-site scripting vulnerability. According to the author of the report, the script "viewtopic.php" returns the value of the HTML variable "postorder" to the client as its output without encoding it or otherwise removing potentially hostile content. This can be exploited by constructing malicious links with the malicious "postorder" variable value embedded as a GET request style HTML variable. If the target user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the viewtopic.php document and within the context of the vulnerable website (including the phpBB forum).


 

Privacy Statement
Copyright 2010, SecurityFocus