Bugtraq mailing list archives
O'Reilly WebBoard 4.10.30 JavaScript code execution problem
From: "Helmuth Antholzer" <helli () dnet it>
Date: Sat, 2 Jun 2001 19:00:36 +0200
I found following problem in the WebBoard: The Board has a paging function. User A can send a message to user B. User B gets a javascript popup (produced with alert()) with the message from user A. The problem is that user A can close the alert() function and so he can execute his javascript code on user B's machine. Example of a message wich executes my code: \');for(i=0;i<100000;i++) alert("not nice"); // There is a function that escapes the ' but if i escape it it will be escaped a second time ... the effect is that then the \ will escaped and the alert is closed. so after that i can put my code! // (comment) this comment is needed becaus there is still a '); from the alert, with the help of the commen this will not produce an error. greets helli
Current thread:
- O'Reilly WebBoard 4.10.30 JavaScript code execution problem Helmuth Antholzer (Jun 04)