[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Security Advisory: BiTBOARD xss
From:       Martin Heistermann <martin.heistermann () web ! de>
Date:       2005-01-12 17:58:58
Message-ID: 20050112175858.20334.qmail () www ! securityfocus ! com
[Download RAW message or body]



Advisory Information
--------------------
Advisory name		:  BiTBOARD XSS
Discovered by		:  drhankey / it-security23.net
Vendor Name		:  the bitshifters sdc
Vendor Homepage		:  http://www.bitshifters.net
Software		:  Bitboard
Vulnerability Type	:  Cross-Site-Scripting
Vulnerable Versions	:  2.5 and prior
Platforms		:  OS Independent, PHP


What is Bitshifters Bitboard?
----------------------------------
Woltlab Burning Board Lite is a free message board using plain text files as database.


Vulnerability Description:
-------------------------
Ii's possible to inject javascript by abusing some kind of bbcode used in the posting system.

Proof of Concept:
-----------------
[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic