AmigoJack wrote:
updown wrote: [...] to help skilled admins for writing their own routines if they know what they do [...]
So where's the problem? I would code my own token and run its text through a regexp pattern. Done. Or is extending phpBB beyond "skilled admins" already?
Of course, my boards are heavily modded with more than 200 homebrewed changes (+150 personally extended MODs and extensions not counted), tunings and optimizations. I know phpBB like my jacket and I'm aware of nearly every function and its purpose. But I am no XSS or CSRF specialist; here I need support. To run a regex is simple, but you have to know what expression to look for!
Summary: ALL possible XSS-entries that I've found DO NOT WORK within phpBB on constructions like
<a href="http://myurl.com/index.php?q={TEXT}">...</a>
but some supporters keep telling me that there IS a possible injection point in SUCH A SPECIAL construction (without giving proof, of course). So here I stand begging for more information about that, or call them supporters of smattering!
edit:
I'd publish an exploit, since I tend to say "if people don't care about the details while using something it's their own fault (aka knowledge is power)". But this is only my point of view. If the phpBB support team does not want to publish any explicit example it's their decision.
Feel free to send me a PM if you or someone else found out!
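An added example, not part of the post above and not phpBB's own code: one way a self-written routine could fill the `q=` slot of the construction quoted in the post so that the result does not depend on how the token text was filtered upstream. The function name `build_search_link` and the sample inputs are assumptions made for illustration; the URL is the one from the post.

```php
<?php
// Added example: hypothetical helper, not taken from phpBB.
// Builds <a href="http://myurl.com/index.php?q=VALUE">LABEL</a> from untrusted text,
// encoding once per context: first for the URL query, then for the HTML attribute.

function build_search_link(string $text, string $label): string
{
    // Refuse control characters (NUL, CR, LF, TAB, DEL) instead of passing them on.
    if (preg_match('/[\x00-\x1F\x7F]/', $text)) {
        throw new InvalidArgumentException('control characters are not allowed');
    }

    // Context 1: URL query component. rawurlencode() leaves only
    // A-Z a-z 0-9 - _ . ~ unencoded, so quotes, <, >, &, #, = and spaces
    // cannot change the structure of the URL.
    $query = rawurlencode($text);

    // Self-check: the encoded value may contain nothing but unreserved
    // characters and percent escapes.
    if (!preg_match('/^[A-Za-z0-9\-_.~%]*$/', $query)) {
        throw new RuntimeException('unexpected character after URL encoding');
    }

    // Context 2: HTML attribute and element content. ENT_QUOTES escapes both
    // quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $href  = htmlspecialchars('http://myurl.com/index.php?q=' . $query, $flags, 'UTF-8');
    $label = htmlspecialchars($label, $flags, 'UTF-8');

    return '<a href="' . $href . '">' . $label . '</a>';
}

// Constructed sample inputs: ordinary text plus characters that carry meaning
// in a URL (&, =, #) or in an HTML attribute (", <, >).
$samples = ['phpBB mods', 'a&b=c#frag', 'say "hi" <now>'];

foreach ($samples as $sample) {
    echo build_search_link($sample, $sample), "\n";
}
```

This covers only the link that is written into the post; how `index.php` handles the decoded `q` value when it receives it is a separate output-encoding question on that page.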