Cross-site Scripting Vulnerability in phpBB 2.0.3

by Nikola Strahija on December 5th, 2002

Here is the code


----------------


action="http://target/search.php?mode=searchuser">;



';
document.search.submit();



------------
Works for me using IE 6 SP1 (XP).

Maybe you can do this in a better way, but this
example works really fine.

The problem is search.php: when it shows search_username, you
can put in anything, with a few restrictions.

Solution:
1. Don't show the last entry, or something like that
2. Filter the code :p
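
An added example of solution 2, not code from the original post or from phpBB: a value echoed back raw next to the same value filtered and HTML-encoded before output. The function names, the 25-character cap, the sample inputs and the assumption that search_username is redisplayed inside an input's value attribute are all made up for illustration.

```php
<?php
// Added illustration: hypothetical helpers, not phpBB's actual search.php code.

// The pattern the post describes: the submitted value is written back
// into the page exactly as it was received.
function render_search_field_unsafe(string $searchUsername): string
{
    return '<input type="text" name="search_username" value="' . $searchUsername . '">';
}

// "Filter the code": normalise the input, then encode it for the HTML
// context it is written into (assumed here: a double-quoted attribute).
function render_search_field_safe(string $searchUsername): string
{
    // Drop control characters; a user name has no use for them.
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $searchUsername);
    // Cap the length (25 is an assumed limit, not phpBB's).
    $clean = substr($clean, 0, 25);
    // ENT_QUOTES encodes both ' and ", so the value cannot close the
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string.
    $encoded = htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search_username" value="' . $encoded . '">';
}

// Constructed sample inputs: a normal wildcard search, a name with an
// apostrophe, and input carrying markup characters.
$samples = ['alice*', "o'brien", '"><b>bold</b>'];

foreach ($samples as $s) {
    echo "input : ", $s, "\n";
    echo "unsafe: ", render_search_field_unsafe($s), "\n";
    echo "safe  : ", render_search_field_safe($s), "\n\n";
}
```

In the "safe" lines the quote and angle-bracket characters come out as entities (&quot;, &#039;, &lt;, &gt;), so the browser shows them as text inside the field instead of parsing them as markup.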

