Its for 2.0.6c and above. You can fix it using their fix or the one
http://www.ghcif.de/adv/phpbb206_viewtopic.txt
There's an PHPBB Announcment how to fix the hole.
greets Milan
David Vincent wrote:
On 02/28/04 Cheng Peng Su released the following Advisory:
################################################
Advisory Name:New phpBB ViewTopic.php Cross Site Scripting Vulnerability
Release Date: Feb 29,2004
Application: phpBB
Platform: PHP
Version Affected: the lastest version
Vendor URL: http://www.phpbb.com/
Discover: Cheng Peng Su(apple_soup_at_msn.com)
################################################
Details: ~ This vuln is similar to Arab VieruZ's advisory 'XSS bug in phpBB',this time the problem is not in 'highlight' ,but in 'postorder'.we can inject HTML code,such code could be used to steal cookie information.
exactly what version is this? they've released a new one as of March 01.
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=177594
new version is 2.0.6d.
-d
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- Milan 't4c' Berger Network & Security Administrator 21073 Hamburg
gpg: http://www.ghcif.de/keys/t4c.asc
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
