Multi Ethnic Hacking Group

    Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities



    Post by Foxi on Thu Jul 23, 2009 4:33 am

    //----- Advisory

    Program : Phorum 5.2.11 and prior
    Homepage :
    Discovery : 2009/07/16
    Author Contacted : 2009/07/17
    Found by : CrashFr
    This Advisory : CrashFr

    //----- Application description

    Started in 1998, Phorum was the original PHP and MySQL based Open Source
    forum software. Phorum's developers pride themselves on creating message
    board software that is designed to meet different needs of different web
    sites while not sacrificing performance or features.

    //----- Description of vulnerability

    Phorum's filtering engine insufficiently filters some BBcode arguments.
    Using the bbcode tags [color] and [size] it is possible to execute JavaScript
    using the expression CSS property.

    //----- Proof Of Concept

    When the user posts the following bbcode :


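Added example, not part of the original post or of Phorum's code: allowlist validation of the [color] and [size] arguments before they are written into a style attribute, so an argument carrying extra CSS such as expression() is left as inert text. The function names and the accepted colour and size formats are assumptions made for this illustration.

```php
<?php
// Added example (not Phorum's code): validate BBCode arguments against an
// allowlist instead of trying to strip dangerous CSS out of them.

// Accept only a colour keyword made of letters, or a 3- or 6-digit hex value.
function safe_color(string $arg): ?string
{
    $arg = trim($arg);
    return preg_match('/\A(?:[a-zA-Z]{1,20}|#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6})\z/', $arg) ? $arg : null;
}

// Accept only a short number followed by one unit from a fixed set.
function safe_size(string $arg): ?string
{
    $arg = trim($arg);
    return preg_match('/\A[0-9]{1,3}(?:\.[0-9]{1,2})?(?:px|pt|em|%)\z/', $arg) ? $arg : null;
}

// Render [color=..] and [size=..]; a tag whose argument is rejected stays
// in the output as literal, HTML-escaped text.
function render_bbcode(string $text): string
{
    $html = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    $rules = [
        'color' => ['color', 'safe_color'],
        'size'  => ['font-size', 'safe_size'],
    ];
    foreach ($rules as $tag => [$property, $validator]) {
        $pattern = '/\[' . $tag . '=([^\]]{1,64})\](.*?)\[\/' . $tag . '\]/is';
        $html = preg_replace_callback($pattern, function (array $m) use ($property, $validator) {
            // $m[1] was escaped above; decode it so the validator sees the raw argument.
            $value = $validator(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
            if ($value === null) {
                return $m[0]; // rejected argument: emit the tag as inert text
            }
            return '<span style="' . $property . ':' . $value . '">' . $m[2] . '</span>';
        }, $html);
    }
    return $html;
}

// Constructed sample input (not taken from the advisory).
$samples = [
    '[color=#ff0000]hello[/color]',
    '[size=14px]hello[/size]',
    '[color=red;x:expression(...)]hello[/color]',
];
foreach ($samples as $s) {
    echo render_bbcode($s), PHP_EOL;
}
```

The first two samples render as styled spans; the third fails `safe_color()` because of the `;`, `:` and parentheses and is printed as plain text.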