CVE-2002-0902
phpBB 2.0.0 - Stored Cross-Site Scripting via IMG Tag Bypass
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0902. PoCs published by Martijn Boerwinkel.
AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in phpBB2 via BBCode image tags. The attacker can inject arbitrary HTML/JavaScript by closing the HTML statement with a double-quotation character.
Description
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
Exploits (1)
This is a writeup describing a stored XSS vulnerability in phpBB2 via BBCode image tags. The attacker can inject arbitrary HTML/JavaScript by closing the HTML statement with a double-quotation character.