Full Disclosure mailing list archives

Multiple XSS issues exist in Fusetalk forums.


From: Domain Admin <martin () hb-help com>
Date: Tue, 3 Aug 2010 14:36:47 +0100

XSS vulnerability in FuseTalk Forums
-------------------------------------
Vulnerability ID: Month Of Full Disclosure 1 = MOFD1
------------------------------------
Product:        FuseTalk
-------------------------------------
Vendor: FuseTalk Inc (
http://www.fusetalk.com/Company/AboutFuseTalk/tabid/111/Default.aspx )
-------------------------------------
Vulnerable Version:     4.0, which is the current version, and probably prior versions
-------------------------------------
Vendor Notification:    02 August 2010
Public Disclosure:      02 August 2010
-------------------------------------
Vulnerability Type:     XSS (Cross Site Scripting)
-------------------------------------
Status: Public Disclosure - Not Fixed, Vendor Alerted,
Awaiting Vendor Response
-------------------------------------
Risk level:     Medium
-------------------------------------
Credit: Martin Hall - TheTestManager
Site = http://www.thetestmanager.com
twitter = @thetestmanager
Vulnerability Details:
There exist multiple XSS errors in FuseTalk Forums.
These errors exist even months/years after previous HTML/SQL injection
errors were reported to FuseTalk.
It is time for a full and thorough source code review, guys.
-------------------------------------
Potential Users Affected = minimum = 250,000 users
SunBelt = 5664 Users
FuseTalk = 11357
AMD = 103488 users
AMD Game = 43767
wilmott.com = 79718 users
collectors.com = 31396 users
2ndlight.com = 23033 users
-------------------------------------
Dork to find Vulnerable Sites (1)
fusetalk "users are registered"
Dork to find Vulnerable Sites (2)
© 1999-2010 FuseTalk Inc. All rights reserved.
-------------------------------------
Sample URLs
http://forums.fusetalk.com/usersearchresults.cfm?keyword=ttm--"%20><script>alert("TheTestManager.com-
Month of Full disclosure")</script>&FT_ACTION=SearchUsers  - (IE8
tested)

or

http://supportforums.sunbeltsoftware.com/categories.aspx?catid=76&FTVAR_SORT=date&FTVAR_SORTORDER=0017ttm-";
style=x:expression(alert("TheTestManager")) ttm=" (IE7 test)
-------------------------------------
Solution:
Currently I'm not aware of any vendor-supplied patches or other solutions.
If you are aware of more recent information related to this issue
please notify me at: martin () hb-help com

Users are recommended to use NoScript or other XSS-mitigating software.
Admins are advised to change forum software, or put pressure on
FuseTalk to carry out a full source code review.
-------------------------------------
Other Miscellaneous Information
http://www.fusetalk.com/ProductsServices/FuseTalk/WhosUsingFuseTalk/tabid/72/Default.aspx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
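
Added example (not part of the original post and not FuseTalk code): the second sample URL contains no angle brackets, so a filter that only strips `<` and `>` leaves it intact. The sketch below renders the two reflected parameters with quote-aware encoding and an allowlist; the HTML templates and the digits-only sort-order pattern are assumptions made for illustration.

```python
import html
import re

# Constructed stand-ins for the two reflection points; not FuseTalk's real markup.
SEARCH_TEMPLATE = '<input name="keyword" value="{value}">'
SORT_TEMPLATE = '<a href="categories.aspx?catid=76&amp;FTVAR_SORTORDER={value}">Date</a>'

# Assumption: a legitimate sort-order token is one to four digits.
SORT_ORDER_RE = re.compile(r"[0-9]{1,4}")

# Decoded parameter values from the advisory's two sample URLs (line wraps joined).
KEYWORD_SAMPLE = 'ttm--" ><script>alert("TheTestManager.com-Month of Full disclosure")</script>'
SORT_SAMPLE = '0017ttm-"; style=x:expression(alert("TheTestManager")) ttm="'


def render_keyword(keyword: str) -> str:
    """Reflect free text into a double-quoted attribute, entity-encoded."""
    # quote=True encodes " and ' as well as & < >, so the value cannot end the attribute.
    return SEARCH_TEMPLATE.format(value=html.escape(keyword, quote=True))


def render_sort_order(order: str, default: str = "0") -> str:
    """Reflect the sort order only when it matches the allowlist, else a default."""
    if not SORT_ORDER_RE.fullmatch(order):
        order = default
    return SORT_TEMPLATE.format(value=order)


def render_sort_order_weak(order: str) -> str:
    """Weak variant for comparison: removes angle brackets and nothing else."""
    return SORT_TEMPLATE.format(value=re.sub(r"[<>]", "", order))


def escapes_attribute(rendered: str, template: str) -> bool:
    """True if the output has more raw double quotes than the template itself,
    meaning the reflected value closed its attribute early."""
    return rendered.count('"') > template.count('"')


if __name__ == "__main__":
    for name, out, tpl in [
        ("keyword, encoded", render_keyword(KEYWORD_SAMPLE), SEARCH_TEMPLATE),
        ("sort order, allowlisted", render_sort_order(SORT_SAMPLE), SORT_TEMPLATE),
        ("sort order, weak filter", render_sort_order_weak(SORT_SAMPLE), SORT_TEMPLATE),
    ]:
        print(f"{name}: escapes_attribute={escapes_attribute(out, tpl)}\n  {out}")
```

The quote-count check is a quick heuristic for this demonstration, not a substitute for encoding at every output point.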

