Logistics Việt Nam đang ở đ�u

[thanhhungjsc]

Hệ thống quảng cáo SangNhuong.com

Severity
--------
Malicious users can steal other user's and admin's cookies, allowing
them to impersonate other users on the board and access to the
administration panel.

Problem
The problem is very similar to SQL injection.
phpBB2 uses a user provided string (through the [IMG] tag)
in the following HTML tag:

While there is a check to force the string to begin with "http://" it
doesn't disallow ". That means a malicious user can escape the src="" in
the HTML tag and insert his own html code.
This same problem also exists in the remote avatar part of the user
profile.
Example
Enter the following anywhere in a message:



When reading that message it should popup an alert box with your
cookies.

Solutions ---------
* Upgrade to 2.0.1
--
XiM
(#icerealm on irc.icerealm.net)