BugTraq
RE: CSS in phpBB 1.4.4 Dec 15 2004 10:15PM
Paul Owen (paul ettanet com)
> phpBB 1.4.4 is vulnerable to Cross Site Scripting Attack.
>
> [Vulnerable]
>
> You can put vbscript in [img] bbcode tags.
> For example:
>
> [img]vbscript: alert(document.cookie)[/img]

phpBB 1.x hasn't been supported for over two years. All users of phpBB
1.x have been long advised to switch to phpBB 2.x or other system (as
they see fit).

psoTFX - phpbb.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus