> PoC is included with the description. I would advise administrators to
> disable the rendering of BBCode for the time being, this mitigates the
> issue.
According to this Exploit there is still no official answer from PHPBB.
Because of that, I just want to post my personal little version of
bugfixing this problem, with which you can obviate attacks on Users who
use IE, but you will loose the functionality of [url]-Tags.
#
#-----[ OPEN ]------------------------------------------
#
/templates/$template/bbcode.tpl
#
#-----[ FIND ]------------------------------------------
#
<!-- BEGIN url --><a href="{URL}" target="_blank"
class="postlink">{DESCRIPTION}</a><!-- END url -->
#
#-----[ SUBSTITUTE ]------------------------------------
#
//<!-- BEGIN url --><a href="{URL}" target="_blank"
class="postlink">{DESCRIPTION}</a><!-- END url -->
<!-- BEGIN url -->Function currently disabled<!-- END url -->
#
#-----[ SAVE FILE ]------------------------------------
#
EOF
I propose to call this steps off after PHPBB has released an official
bugfix.
HTH
Dominik Birk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
