[] NeoSense
E X P L O I T S
title author type platform port cve id

phpBB 2.0.6 - URL BBCode HTML Injection

Author: keupon_ps2
type: webapps
platform: php
port: 
date_added: 2003-09-08 
date_updated: 2012-12-03 
verified: 1 
codes: OSVDB-2532 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/8570/info


phpBB BBCode has been reported prone to an HTML injection vulnerability. It has been reported that an attacker may inject malicious script into areas of phpBB where BBCode is rendered, for example, bulletin board posts or private messages. This issue is due to a lack of sufficient sanitization performed on user supplied URL BBCode tags.

An attacker may exploit this issue to steal cookie-based authentication credentials; other attacks may also be possible.

[url=http://www.example.com" onclick="alert('Hello')]text[/url]

[url=http://www.example.com" onclick=alert("bug");"]test[/url]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.