Planetfurry BBS
Forums for Planetfurry Site Members and more

phpBB vulnerability.

 
hikaru
Administrator


Joined: 20 Nov 2000
Posts: 1581
Location: Kansas City, KS, USA

Posted: Mon Mar 08, 2004 8:45 pm    Post subject: phpBB vulnerability.

PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera...
BugTraq ID: 9765
Remote: Yes
Date Published: Feb 28 2004
Relevant URL: http://www.securityfocus.com/bid/9765
Summary:
It has been reported that one of the scripts included with phpBB is prone
to a cross-site scripting vulnerability. According to the author of the
report, the script "viewtopic.php" returns the value of the HTML variable
"postorder" to the client as its output without encoding it or otherwise
removing potentially hostile content. This can be exploited by
constructing malicious links with the malicious "postorder" variable value
embedded as a GET request style HTML variable. If the target user visits
such a link, the malicious, externally created content supplied in the
link will be rendered (or executed, in the case of script code) as part of
the viewtopic.php document and within the context of the vulnerable
website (including the phpBB forum).

_________________
Read my comic: http://www.ImperialGelf.com
Read my stories at http://www.IC-Stories.com
http://katayamma.deviantart.com/

"Coming to you Live and Transcribed..." - TVDave
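
As an added illustration of the pattern the quoted advisory describes (this is not phpBB's code or its patch; the function names, the topic id and the sample inputs are constructed), the sketch below contrasts echoing `postorder` unchanged with restricting it to an allowlist and HTML-encoding the output. It assumes PHP 7 or later and that the parameter only ever needs the values `asc` and `desc`.

```php
<?php
// Added example, not phpBB source. All function names are hypothetical.

// Pattern from the advisory: the request value is copied into the page
// unchanged, so any markup it carries becomes part of the document.
function render_order_link_unsafe(array $query): string
{
    $order = $query['postorder'] ?? 'asc';
    return '<a href="viewtopic.php?t=1&postorder=' . $order . '">Sort</a>';
}

// Mitigation 1: allowlist. Assumption: only 'asc' and 'desc' are valid.
// Arrays (postorder[]=x) and unknown strings fall back to the default.
function normalize_postorder($value): string
{
    return (is_string($value) && strtolower($value) === 'desc') ? 'desc' : 'asc';
}

// Mitigation 2: build the URL with http_build_query() and HTML-encode it
// for the attribute context, so the output stays inert even if the
// allowlist is later loosened.
function render_order_link_safe(array $query): string
{
    $order = normalize_postorder($query['postorder'] ?? 'asc');
    $href  = 'viewtopic.php?' . http_build_query(['t' => 1, 'postorder' => $order]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">Sort</a>';
}

// Constructed sample requests: valid, markup-bearing, array-typed, absent.
$samples = [
    ['postorder' => 'desc'],
    ['postorder' => '"><b>injected</b>'],
    ['postorder' => ['x']],
    [],
];

foreach ($samples as $query) {
    $raw = $query['postorder'] ?? null;
    echo 'input:  ', json_encode($raw), PHP_EOL;
    if (!is_array($raw)) {
        // Second sample shows the attribute being closed by the input.
        echo 'unsafe: ', render_order_link_unsafe($query), PHP_EOL;
    }
    echo 'safe:   ', render_order_link_safe($query), PHP_EOL, PHP_EOL;
}
```
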
Whip-lash
Kneel before me... for I am Root!


Joined: 20 Nov 2000
Posts: 573

Posted: Sun Mar 21, 2004 6:56 pm

I'm going to try and spend some time tonight to apply patches for this and other issues. I've got work to do at the office later tonight (around 10-11pm EST), so hopefully I'll be able to get the ones for phpBB2 done before then.
All times are GMT - 4 Hours