[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Software PBLang 4.65 pmpshow.php XSS vulnerability
From: Raven <raven () tgs-security ! com>
Date: 2005-02-23 4:36:53
Message-ID: 20050223043653.31398.qmail () www ! securityfocus ! com
[Download RAW message or body]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG002
[] Friday 11-02-05
[] Software PBLang 4.65 pmpshow.php XSS
vulnerability
[]
[] The author can't be held responsible for any
damage
[] done by a reader. You have your own resonsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
Vulnerable: PBLang 4.65 (current) (and earlier?)
---
General information:
PBLang is an international BBS-software based on
PHP. It does not require any database but bases on a
flatfile system. Many professional features. More
info on the project website.
---
Description:
pmpshow.php shows the pm's a user has received,
however, the body of the received PM is not checked
for any harmfull characters like < > and ". An
attacker could steal sessions or do other things with
javascript.
---
Proof Of Concept:
Type "<script
language="javascript">alert("Hackerlounge.com pwns
joo");</script>" in the body of the PM your going to
send a victim. An alertbox saying "Hcakerlounge.com
pwns joo" should pop up.
---
Fix and Vendor status:
The vendor has been notified and a patch is
"pending".
---
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG002
[] Friday 11-02-05
[] Software PBLang 4.65 pmpshow.php XSS
vulnerability
[]
[] The author can't be held responsible for any
damage
[] done by a reader. You have your own resonsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic