lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 27 Jun 2003 01:43:35 +0100 (BST)
From: <lavieangel@...omain.com>
To: <bugtraq@...urityfocus.com>
Subject: WebBBS Guestbook : Cross Site Scripting




              WebBBS Guestbook : Cross Site Scripting


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Program    : WebBBS
Url vendor : http://awsd.com/scripts/webbbs/
Problem    : Multiple Cross Site Scripting Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author     : Thierry LAVIE (contact@...ieangel.com)
Www        : www.lavieangel.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


DESCRIPTION :
~~~~~~~~~~~~~
WebBBS is, as the name implies, a Web-based bulletin board. Unlike most
other such boards, though, WebBBS stores messages as simple text files and
creates HTML pages "on the fly." This means that the message index can be
tailored by the user based on date and/or subject (via built-in keyword
search capability), and can be viewed as threaded, chronological or
"guestbook-style" lists. A wide variety of options are available both to
the administrator and to the users, and "behind-the scenes" administrative
tasks (editing and deleting of messages, etc.) are a breeze! WebBBS
supports automatic quoting of message text and e-mail notification of
those who want to know immediately when a new message has been posted. It
also offers an archive-only option, the ability to run moderated boards,
and "cookie" support!



PROBLEM :
~~~~~~~~~
When you sign the guestbook, it's possible to include codes into
the 'Name', 'Email' or 'Message' fields. Then when the guestbook
is viewed, the code is executed (client side).


EXPLOIT :
~~~~~~~~~
For example, by including the following javascript code into one
of the 3 fields, the guestbook would be out of service, because when
requested, it would immediatly redirect every clients to 'www.toto.com'.

<script>window.location.replace("http://www.toto.com");</script>


SOLUTION :
~~~~~~~~~~
No solution yet, vendor has been informed by mail.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ