Bugtraq mailing list archives

Security Advisory: BiTBOARD xss


From: Martin Heistermann <martin.heistermann () web de>
Date: 12 Jan 2005 17:58:58 -0000



Advisory Information
--------------------
Advisory name           :  BiTBOARD XSS
Discovered by           :  drhankey / it-security23.net
Vendor Name             :  the bitshifters sdc
Vendor Homepage         :  http://www.bitshifters.net
Software                :  Bitboard
Vulnerability Type      :  Cross-Site-Scripting
Vulnerable Versions     :  2.5 and prior
Platforms               :  OS Independent, PHP


What is Bitshifters Bitboard?
----------------------------------
Bitboard is a free PHP message board that stores its data in plain text files instead of a database.


Vulnerability Description:
-------------------------
It is possible to inject JavaScript by abusing the BBCode used in the posting system. The body of an [img] tag is written into the src attribute of the generated <img> element without being escaped, so a single quote closes the attribute and any attacker-supplied attributes that follow, such as an onMouseover event handler, become part of the rendered tag.

Proof of Concept:
-----------------
[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]
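The following is an added example, not Bitboard's own code and not part of the original advisory. The page does not show Bitboard's BBCode parser, so the vulnerable renderer below is an assumed stand-in for the regex-substitution pattern the advisory describes; the hardened renderer beside it allowlists the src value and HTML-escapes it before emitting the tag. The proof-of-concept post body is embedded as constructed sample input.

```javascript
// Added example (assumed renderer shape, not Bitboard's code): a naive
// BBCode [img] renderer of the kind this advisory describes, beside a
// hardened version.

// Vulnerable: the tag body is dropped straight into a single-quoted attribute.
// A single quote in the body ends src= and whatever follows becomes new
// attributes on the <img> tag.
function renderImgNaive(bbcode) {
  return bbcode.replace(/\[img\](.*?)\[\/img\]/gi, "<img src='$1'>");
}

// Hardened: accept only an absolute http(s) URL or a relative path built from
// characters that cannot terminate an attribute or introduce a scheme
// (no quotes, spaces, angle brackets, or a leading "javascript:").
const SAFE_IMG_SRC =
  /^(?:https?:\/\/[A-Za-z0-9.-]+(?:\/[A-Za-z0-9_./%?&=+-]*)?|[A-Za-z0-9_][A-Za-z0-9_./%?&=+-]*)$/;

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

function renderImgSafe(bbcode) {
  return bbcode.replace(/\[img\](.*?)\[\/img\]/gi, (whole, src) => {
    const candidate = src.trim();
    if (!SAFE_IMG_SRC.test(candidate)) {
      // Reject: show the literal tag text, escaped, so the post still
      // displays what was written but no markup is produced from it.
      return escapeHtml(whole);
    }
    // Escape anyway: defence in depth if the allowlist is ever loosened.
    return `<img src="${escapeHtml(candidate)}">`;
  });
}

// Constructed sample input: the advisory's proof-of-concept post body.
const POC = `[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]`;

// Detection helper used below: does any tag in the output carry an on*= attribute?
function hasEventHandler(html) {
  return /<[^>]*\son[a-z]+\s*=/i.test(html);
}

console.log("naive :", renderImgNaive(POC), "->", hasEventHandler(renderImgNaive(POC)));
console.log("safe  :", renderImgSafe(POC), "->", hasEventHandler(renderImgSafe(POC)));
```

Run with node; the naive renderer emits an <img> carrying the injected onMouseover handler, while the hardened renderer refuses the value and emits only escaped text. Note that escaping alone is not enough for src: a value such as a javascript: URL contains no characters that HTML escaping would touch, which is why the allowlist on the scheme and character set comes first.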

