Syntax Highlighter XSS
Posted: Sun May 15, 2011 3:53 pm
The syntax highlighting mod used on this forum had an XSS bug.
http://www.phpbbstyles.co.uk/info/viewt ... ?f=5&t=126
If anyone used this mod, you need to update to the most recent version to fix it. I believe I recommended it to someone via PM but I have forgotten who so am posting this here
used to work and cause the alert to be shown.
without the spaces obviously
Lucky that nobody noticed eh
EDIT: It looks like I am the only person who downloaded the fixed version. So if you know of any forums using this, go warn them !
http://www.phpbbstyles.co.uk/info/viewt ... ?f=5&t=126
If anyone used this mod, you need to update to the most recent version to fix it. I believe I recommended it to someone via PM but I have forgotten who so am posting this here
http://nothing.com/file.png"onerror="alert('xss');[/i mg]
used to work and cause the alert to be shown.
without the spaces obviously
Lucky that nobody noticed eh
EDIT: It looks like I am the only person who downloaded the fixed version. So if you know of any forums using this, go warn them !