ProphpBB Support Forum - Official phpBB 3 Free Forum Hosting Support
|
Biohazard
|
Post subject: HTML XSS Scripting Vulnerability [WARNING] Posted: August 19th, 2008, 2:14 am |
|
 |
| Regular |
 |
Joined: August 14th, 2008, 5:52 pm Posts: 28 Forum URL: thebiohazardproject.prophpbb.com
|
For short, here is what I am talking about. Me being a hacker/programmer, I was searching for vulnerabilities in phpBB3. I have heard since that if HTML is allowed for phpBB3 you would be able to XSS and cookie snatch them. Cookie snatching is where there is a link with code in the link that stores your cookie (username and password in MD5 coding) and runs a script hosted on a site that opens cookies.txt, writes in the cookie information and saves the data. After obtaining the data in MD5 encryption you can easily break it down from there on many sites and programs. So check all links by right-clicking them and copying the link address to see if the link is disguised as google.com or something when it's - http://freehoster.fdsa.com/cookiesnatch ... tsomething) etc. etc. I have not completely tested the vulnerability yet. It is only available with sites that have HTML enabled. Check your links.
|
|
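The manual link check described in the first post, generalized into a small audit a forum admin could run over post HTML: it flags anchors whose visible text names a different host than the href, and link targets that carry script after URL-decoding. This is an added example, not code from the thread or from phpBB; the function names, the marker list and the sample hosts are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Script indicators looked for in a link target after URL-decoding (assumed list).
SCRIPT_MARKERS = ("<script", "javascript:", "document.cookie", "onerror=")
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample post; the hosts are placeholders, not taken from the thread.
SAMPLE_POST = (
    '<a href="http://freehoster.example/c.php?d=1">www.google.com</a> '
    '<a href="http://www.google.com/">google.com</a> '
    '<a href="http://forum.example/?q=%3Cscript%3Ex%3C/script%3E">click</a>'
)

def _host(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host  # ignore a leading "www."

class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in a post."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(post_html):
    """Return (href, reason) for each link a reader should not trust."""
    collector, findings = _AnchorCollector(), []
    collector.feed(post_html)
    for href, text in collector.links:
        shown = HOST_IN_TEXT.search(text)
        if any(marker in unquote(href).lower() for marker in SCRIPT_MARKERS):
            findings.append((href, "script in link target"))
        elif shown and _host("//" + shown.group(1)) != _host(href):
            findings.append((href, "text shows another host"))
    return findings
```

Link text that merely resembles a hostname (a file name such as `notes.txt`) is also reported, so treat the findings as a review queue.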
|
Ashley.S.
|
Post subject: Re: HTML XSS Scripting Vulnerability [WARNING] Posted: August 19th, 2008, 7:52 am |
|
Joined: July 23rd, 2008, 11:16 am Posts: 778 Location: Falmouth, Cornwall, UK Forum URL: http://entertainment-avenue.co.cc/forums
|
|
wowzers
_________________ Regards,
-Ashley.S.
NOTE: I am not staff here and love helping & hearing from you, however I am not your Personal Support! Please, Post your support in the Support Forums and when I am available here, I will help you out
thanks for reading
|
|
|
mdvaldosta
|
Post subject: Re: HTML XSS Scripting Vulnerability [WARNING] Posted: August 19th, 2008, 9:08 am |
|
Joined: January 4th, 2008, 6:46 pm Posts: 907 Location: Valdosta, GA Forum URL: http://support.prophpbb.com/
|
|
HTML cannot be enabled with phpBB 3. It would require custom BBCode to be made, thus only the admin would be able to do it. Then again, so could anybody with a website... forum based or not.
_________________ Please don't PM (private message) me for support. All questions should be asked in a forum thread.
|
|
|
Ashley.S.
|
Post subject: Re: HTML XSS Scripting Vulnerability [WARNING] Posted: August 19th, 2008, 9:56 am |
|
Joined: July 23rd, 2008, 11:16 am Posts: 778 Location: Falmouth, Cornwall, UK Forum URL: http://entertainment-avenue.co.cc/forums
|
thank god for that 
_________________ Regards,
-Ashley.S.
NOTE: I am not staff here and love helping & hearing from you, however I am not your Personal Support! Please, Post your support in the Support Forums and when I am available here, I will help you out
thanks for reading
|
|
|
Mr. Bond
|
Post subject: Re: HTML XSS Scripting Vulnerability [WARNING] Posted: August 26th, 2008, 7:20 pm |
|
Joined: February 29th, 2008, 3:37 am Posts: 53 Location: Indiana :( Forum URL: http://thejamesbond.org
|
Just so anyone else reading this topic knows, phpBB3 does not have any XSS vulnerability. It did have a vuln back in one of the BETA or RC versions, but it was fixed a looooonnnngggg time ago, so you have nothing to worry about with XSS. Oh, and if you are wondering, XSS is short for cross-site scripting.
_________________ http://the-webmasters-resource.info - Coding, design, phpBB3 tutorials & more. www.TheJamesBond.org
|
|
|
PanHandle
|
Post subject: Re: HTML XSS Scripting Vulnerability [WARNING] Posted: August 27th, 2008, 3:45 am |
|
Joined: January 8th, 2008, 11:25 am Posts: 630 Location: Dover, UK Forum URL: http://headlight.ekam.org.uk
|
|
Mr. Bond, your Webmaster's Resource website link in your signature block has a typo. I thought the link was broken at first.
_________________ Phil
If at first you don't succeed, use a BIGGER HAMMER HeadLight: The Forum of East Kent Advanced Motorcyclists Dour Forum: A local community forum for Dover.
|
|
|
Mr. Bond
|
Post subject: Re: HTML XSS Scripting Vulnerability [WARNING] Posted: August 29th, 2008, 8:05 pm |
|
Joined: February 29th, 2008, 3:37 am Posts: 53 Location: Indiana :( Forum URL: http://thejamesbond.org
|
|
|
PanHandle
|
Post subject: Re: HTML XSS Scripting Vulnerability [WARNING] Posted: August 30th, 2008, 12:55 am |
|
Joined: January 8th, 2008, 11:25 am Posts: 630 Location: Dover, UK Forum URL: http://headlight.ekam.org.uk
|
Mr. Bond wrote: It's fixed now

Excellent. You may even get some more visitors now!!!
_________________ Phil
If at first you don't succeed, use a BIGGER HAMMER HeadLight: The Forum of East Kent Advanced Motorcyclists Dour Forum: A local community forum for Dover.
|
|