Topic: PunBB 1.2.20 and 1.3RC hotfix released
PunBB 1.2.20 and 1.3RC hotfix released today.
The XSS via the "p" GET parameter is fixed. Reported by Henry Sudhof.
The proof of concept:
Clicking the link like this results in the script execution: http://punbb.informer.com/forums/userli … /script%3E
This XSS doesn't work at PunBB Forums anymore as the hotfix has just been released and installed. As usual, PunBB 1.3RC administrators will see an alert (as soon as they log in to the forum) and will be able to install the hotfix with several clicks.
This bug cannot be used directly in PunBB 1.2, but can appear in mods using the page number set by PunBB: check your mods for the correct page number screening.
Visit Downloads page for the PunBB 1.2.20 packages and patches. Or get the latest revision from SVN trunk.