Re: phpBB (privmsg.php) XSS Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpBB (privmsg.php) XSS Exploit
From: neothermic@xxxxxxxxx
Date: 11 Jan 2007 22:14:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello,

This particular exploit was fixed in 2.0.22, which was released on the 23rd 
December 2006.

The correct fix for this issue is contained in that release, and it is 
recommended that people update to 2.0.22.

NeoThermic
phpBB Support Team, Audit Team and Incident Investigation Team Leader.

Prev by Date: Re: xss in phpmyadmin <= 2.8.1
Next by Date: Re: [Full-disclosure] Web Honeynet Project: announcement,
Previous by thread: phpBB (privmsg.php) XSS Exploit
Next by thread: Re: phpBB (privmsg.php) XSS Exploit
Index(es):
- Date
- Thread