| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Jan 2004 13:08:24 -0600 From: Curt Rebelein Junior <curt@...by.com> To: gcf@...h.com Cc: bugtraq@...urityfocus.com, vuln-dev@...urityfocus.com Subject: Re: vBulletin Security Vulnerability What versions of vBulletin does this affect? What version is the oldest patched version? Like all vB security related bugs, I see no mention of this on the vB forums. A long time ago (Tue Jan 20). In a galaxy far away... gcf@...h.com wrote: # -----BEGIN PGP SIGNED MESSAGE----- # Hash: SHA1 # # - - ------------------------------------------------------- # GERMAN COMPUTER FREAKS - SECURITY ADVISORY - SINCE 1997 # January 20st, 2003 # - - ------------------------------------------------------- # # Software : vBulletin Bulletin Board # Vendor : Jelsoft Enterprises Limited / inGame GmbH # Vulnerability : Cross Site Scripting # Status : Author has been notified # # - - ------------------------------------------------------ # # - - - - Description # # vBulletin Bulletin Board derivatives contain a security bug # that may lead to disclosure of private informations due to a # cross site scripting attack. # # This vulnerability may enable an attacker to transmit sensitive # informations like 'encrypted' passwords, user identification # numbers or forum passwords to another server. # # Currently, we will refrain from publishing proof of concept # information to mitigate the impact of this vulnerability. # # - - - - Technical Details # # Due to an improper quoted field in register.php it's possible # to inject malicious HTML code. With the use of Javascript code # an attack is then able to send sensitive informations (like # cookies) to a foreign server. # # Attack Example: # # <form action="http://www.VULN-BOARD.com/register.php" method="GET"> # <input type="hidden" name="reg_site" # value="<SCRIPT><!-- EVIL CODE //--></SCRIPT>"/> # <input type="text" name="email" value="" /> # <input type="submit" value="Show my cookies" /> # # - - - - Patch # # The vendor released a patch for this vulnerability. # # - - - - Closing Words # # 07.01.04 Contacting the board developers and explaining the vulnerability # 08.01.04 Developing a proof of concept tool (undisclosed) # 20.01.04 Disclosure of this advisory to public # # - - - - Greets # # This bug was found by Darkwell. We would like to great Natok! # He's great! # # _________________ ___________ # / _____/\_ ___ \\_ _____/ # / \ ___/ \ \/ | __) # \ \_\ \ \____| \ # \______ /\______ /\___ / # \/ \/ \/ # The German Computer Freaks # www.gcf.de Since 1997 /\ # / \ # ____________________________________________________________/ # / # \ / # \/ # # -----BEGIN PGP SIGNATURE----- # Note: This signature can be verified at https://www.hushtools.com/verify # Version: Hush 2.3 # # wkYEARECAAYFAkANbpsACgkQcd4BvfErJcpzFQCggXQa7WHVZslM1e/3ahG333e8lrMA # oL1vBo7v3oJjMNxhzf3oINBIp8e6 # =msHO # -----END PGP SIGNATURE----- # # # # # Concerned about your privacy? Follow this link to get # FREE encrypted email: https://www.hushmail.com/?l=2 # # Free, ultra-private instant messaging with Hush Messenger # https://www.hushmail.com/services.php?subloc=messenger&l=434 # # Promote security and make money with the Hushmail Affiliate Program: # https://www.hushmail.com/about.php?subloc=affiliate&l=427 -- Curt Rebelein, Junior http://rebby.com
Powered by blists - more mailing lists