[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Security Advisory: Woltlab Burning Board Lite formmail.php XSS
From: Martin Heistermann <martin.heistermann () web ! de>
Date: 2005-01-08 19:29:57
Message-ID: 20050108192957.25739.qmail () www ! securityfocus ! com
[Download RAW message or body]
Advisory Information
--------------------
Advisory name : Woltlab Burning Board Lite formmail.php XSS
Discovered by : drhankey / it-security23.net
Vendor Name : Woltlab
Vendor Homepage : http://www.woltlab.de
Software : Woltlab Burning Board Lite
Vulnerability Type : Cross-Site-Scripting
Vulnerable Versions : 1.0.0, 1.0.1e, maybe more
Platforms : OS Independent, PHP
What is Woltlab Burning Board Lite?
----------------------------------
Woltlab Burning Board Lite is the free version of the Woltlab Burning Board,
a PHP based bulletin board
Vulnerability Description:
-------------------------
formmail.php outputs the "userid"-parameter unfiltered, so its possible to add \
arbitary Code to the output by using a malformed link. The Board also allows logging \
in with stolen cookies.
Proof of Concept:
-----------------
http://website/board/formmail.php?userid=1"><script>document.location.href="http://www.it-security23.net";</script \
x="y
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic