> On 02/28/04 Cheng Peng Su released the following Advisory: > > ################################################ > Advisory Name:New phpBB ViewTopic.php Cross Site Scripting > Vulnerability > Release Date: Feb 29,2004 > Application: phpBB > Platform: PHP > Version Affected: the lastest version > Vendor URL: http://www.phpbb.com/ > Discover: Cheng Peng Su(apple_soup_at_msn.com) > ################################################ > > Details: > ~ This vuln is similar to Arab VieruZ's advisory 'XSS bug in > phpBB',this time the problem is not in 'highlight' ,but in > 'postorder'.we can inject HTML code,such code could be used to steal > cookie information.
exactly what version is this? they've released a new one as of March 01. http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=177594 new version is 2.0.6d. -d _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
