EXPLOITS

phpGB 1.1 - HTML Injection

Author: ppp-design
type: webapps
platform: php
port: 
date_added: 2002-09-09  
date_updated: 2012-10-07  
verified: 1  
codes: CVE-2002-1480;OSVDB-9215  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21780.txt  

source: https://www.securityfocus.com/bid/5676/info

phpGB is subject to HTML injection attacks.

phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry.

Enter the following guestbookentry:

"delete me <script>alert(document.cookie)</script>"