phpBB Updates

WiZARD
Moderator
Posts: 1240
Joined: Thu Jun 20, 2002 10:14 pm
Location: Ukraine, Crimea, Simferopol

Fri Jul 08, 2005 12:18 am

PHPBB URL Tag BBCode.PHP Vulnerability

The phpBB vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script.

The bbcode [url] tag is not properly sanitized of user-supplied input. This could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.

PHPBB URL Tag BBCode.PHP Vulnerability

Class: Input Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: No
Published: May 09 2005 12:00AM
Updated: Jun 02 2005 08:09PM
Credit: Discovery of this issue is credited to Papados.
Vulnerable:
phpBB Group phpBB 2.0.14
phpBB Group phpBB 2.0.13
phpBB Group phpBB 2.0.12
phpBB Group phpBB 2.0.11
phpBB Group phpBB 2.0.10
phpBB Group phpBB 2.0.9
phpBB Group phpBB 2.0.8 a
phpBB Group phpBB 2.0.8
phpBB Group phpBB 2.0.7 a
phpBB Group phpBB 2.0.7
phpBB Group phpBB 2.0.6 d
phpBB Group phpBB 2.0.6 c
phpBB Group phpBB 2.0.6
phpBB Group phpBB 2.0.5
phpBB Group phpBB 2.0.4
phpBB Group phpBB 2.0.3
phpBB Group phpBB 2.0.2
phpBB Group phpBB 2.0.1
phpBB Group phpBB 2.0.0
phpBB Group phpBB 2.0 RC4
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC3
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC2
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC1
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 Beta 1
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9

Not Vulnerable:
phpBB Group phpBB 2.0.15

from www.securityfocus.com
"Sex,Drugs and Rock&Roll " replaced at "Sucks,Bugs and Plug&Play";
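
An added example, not part of the original post and not phpBB's code or its 2.0.15 fix: one way to render a [url] tag so that user-supplied input cannot reach the page as markup. The function names, the scheme allowlist and the sample posts are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);
// Schemes a forum link may use (an assumption of this example, not phpBB's list).
const ALLOWED_SCHEMES = ['http', 'https', 'ftp'];

// Return the URL if it is safe to place in an href attribute, otherwise null.
function safe_url(string $url): ?string
{
    // Reject control characters, whitespace, quotes, backticks and angle brackets.
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>`]/', $url)) {
        return null;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ALLOWED_SCHEMES, true)) {
        return null;
    }
    return is_string(parse_url($url, PHP_URL_HOST)) ? $url : null;
}

// Render [url]...[/url] and [url=...]...[/url]; everything else becomes inert text.
function render_url_tags(string $post): string
{
    // Escape the whole post first so no user-supplied markup survives.
    $html = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $pattern = '~\[url(?:=([^\]\r\n]+))?\](.+?)\[/url\]~is';
    $out = preg_replace_callback($pattern, function (array $m): string {
        // Target is the =value if present, else the tag body (both entity-encoded).
        $raw = $m[1] !== '' ? $m[1] : $m[2];
        $url = safe_url(htmlspecialchars_decode($raw, ENT_QUOTES));
        if ($url === null) {
            return $m[0]; // invalid target: keep the tag as escaped plain text
        }
        $href = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
    }, $html);
    return $out ?? $html; // preg error: fall back to the fully escaped post
}

// Constructed sample posts, not taken from the advisory.
$samples = [
    '[url]http://example.com/viewtopic.php?t=1&p=2[/url]',
    '[url=https://example.com/]home[/url]',
    '[url=http://example.com/" title="x]label[/url]', // quote in target
    '[url=data:text/plain,hello]label[/url]',         // scheme not allowlisted
    '<b>bold?</b> [url]ftp://example.com/file[/url]',
];
foreach ($samples as $s) { echo render_url_tags($s), PHP_EOL; }
```

The first, second and fifth samples come out as links; the third and fourth stay as escaped literal text because their targets fail validation.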

gesf
Moderator
Posts: 1716
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden

Fri Jul 08, 2005 3:54 am

Oops! What's this BBS version?
I like that CouCou box :D
Sincerely,
Gonçalo "gesf" Fontoura

gesf.org | sessionstart.com | urlms.com

Alexej Kubarev
Site Admin
Posts: 2214
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Fri Jul 08, 2005 4:11 am

If you meant this forum's version: always the latest :)
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer

gesf
Moderator
Posts: 1716
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden

Fri Jul 08, 2005 4:18 am

:D
Sincerely,
Gonçalo "gesf" Fontoura

gesf.org | sessionstart.com | urlms.com

Alexej Kubarev
Site Admin
Posts: 2214
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Fri Jul 08, 2005 5:47 am

gesf: we are not THAT stupid... not yet anyways... oh well.. not that we know..
hehe..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer