кто нибудь пробывал ломать с помощью этого бага?
я чета разобратся немогу с английским плохо.
если кому не лень перевидите описание данного бага плиз.

---------------------------------------------------------
The bad code is in the usercp_register.php file. The next part of the code is the vulnerable:

$allowhtml = ( isset($HTTP_POST_VARS['allowhtml']) ) ? ( ($HTTP_POST_VARS['allowhtml']) ? TRUE : 0 ) : $board_config['allow_html'];
$allowbbcode = ( isset($HTTP_POST_VARS['allowbbcode']) ) ? ( ($HTTP_POST_VARS['allowbbcode']) ? TRUE : 0 ) : $board_config['allow_bbcode'];
$allowsmilies = ( isset($HTTP_POST_VARS['allowsmilies']) ) ? ( ($HTTP_POST_VARS['allowsmilies']) ? TRUE : 0 ) : $board_config['allow_smilies'];

If we specify a variable in the html code (any type: hidden, text, radio, check, etc) with the name allowhtml, allowbbcode or
allowsmilies, is going to be on the html, bbcode and smilies in our signature. But this only works for private messages.

In the topics our signature is going to be filtered, but no in the private messages.

- Exploit
---------------------------------------------------------
1 - Copy the html code of the registration page of the vulnerable forum.

2 - Change the form action to the path of the forum and profile.php. Example: http://phpbb.com/phpBB2/profile.php

3 - Add the variable for to enable the bbode, htmlcode or smilies (if they're not) in your private messages. Example:





4 - With your html registration page (modified) you have to register any user with some html code in the signature for test
this bug.