Bugtraq mailing list archives
Security Advisory: BiTBOARD xss
From: Martin Heistermann <martin.heistermann () web de>
Date: 12 Jan 2005 17:58:58 -0000
Advisory Information
--------------------
Advisory name       : BiTBOARD XSS
Discovered by       : drhankey / it-security23.net
Vendor Name         : the bitshifters sdc
Vendor Homepage     : http://www.bitshifters.net
Software            : Bitboard
Vulnerability Type  : Cross-Site-Scripting
Vulnerable Versions : 2.5 and prior
Platforms           : OS Independent, PHP

What is Bitshifters Bitboard?
----------------------------------
Woltlab Burning Board Lite is a free message board using plain text files as database.

Vulnerability Description:
-------------------------
It's possible to inject javascript by abusing some kind of bbcode used in the posting system.

Proof of Concept:
-----------------
[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]
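
The attribute breakout in the proof of concept above, shown as an added example that is not part of the original advisory and is not Bitboard's code. It assumes the board pastes the [img] body unencoded into a single-quoted src attribute (inferred from the shape of the PoC); the function names are hypothetical and the benign URL is constructed.

```php
<?php
// Added illustration, not Bitboard source; function names are hypothetical.

// Assumed vulnerable pattern: the tag body is pasted unencoded into a
// single-quoted src attribute, so a quote in the body ends the attribute.
function render_img_naive(string $post): string
{
    return preg_replace('#\[img\](.*?)\[/img\]#is', '<img src=\'$1\'>', $post);
}

// Hardened: encode the whole post, then emit <img> only for bodies that
// pass a strict URL allow-list; anything else stays as inert text.
function render_img_safe(string $post): string
{
    $escaped = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            // http(s) only; no whitespace, quotes or angle brackets.
            if (!preg_match('#^https?://[^\s\'"<>]+\z#i', $url)) {
                return $m[0]; // already encoded, rendered as plain text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );
}

// Inputs: the advisory's proof of concept, and a constructed benign post.
$samples = [
    '[img]path/to/some/image\' onMouseover=\'alert("hehehe... insecure");[/img]',
    '[img]http://example.com/pic.png[/img]',
];

foreach ($samples as $post) {
    echo "naive: ", render_img_naive($post), PHP_EOL;
    echo "safe : ", render_img_safe($post), PHP_EOL, PHP_EOL;
}
```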