[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Software PBLang 4.65 search.php XSS vulnerability
From: Raven <raven () tgs-security ! com>
Date: 2005-02-22 21:29:19
Message-ID: 20050222212919.27535.qmail () www ! securityfocus ! com
[Download RAW message or body]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG001
[] Friday 11-02-05
[] Software PBLang 4.65 search.php XSS vulnerability
[]
[] The author can't be held responsible for any
damage
[] done by a reader. You have your own resonsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
Vulnerable: PBLang 4.65 (current) (and earlier?)
---
General information:
PBLang is an international BBS-software based on
PHP. It does not require any database but bases on a
flatfile system. Many professional features. More
info on the project website.
---
Description:
The search.php script is vulnerable to a XSS attack
by a remote attacker. The searched string is not
filtered for any harmfull characters like < > and ".
This makes it possible for an attacker to trick a
user into going to a harmfull page and stealing a
session.
---
Proof Of Concept:
Type in the search box "<script
language="javascript">alert("Hackerlounge.com pwns
joo");</script>" and submit. An alertbox with the
text "Hackerlounge.com pwns joo" should come up.
---
Fix and Vendor status:
The vendor has been notified, expect an official
patch soon.
---
Credit:
HRG (Hackerlounge Research Group).
Hackerlounge.com
TGS-Security.com
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG001
[] Friday 11-02-05
[] Software PBLang 4.65 search.php XSS vulnerability
[]
[] The author can't be held responsible for any
damage
[] done by a reader. You have your own resonsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic