lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 16 Mar 2004 03:14:15 -0000
From: JeiAr <security@...ftech.org>
To: bugtraq@...urityfocus.com
Subject: JelSoft vBulletin Multiple XSS Vulnerabilities




Vendor  : Jelsoft Enterprises
URL     : http://www.vbulletin.com
Version : vBulletin 3.0.0 RC4 && Others
Risk    : Cross Site Scripting



Description:
vBulletin is a powerful, scalable and fully customisable forums package 
for your web site. Based on the PHP language, backed with a blisteringly 
fast MySQL back-end database, vBulletin is the ideal community solution 
for all medium-to-large sites.



Cross Site Scripting:
JelSoft vBulletin is prone to attack in three different files (maybe more)
The files affected are "showthread.php", "forumdisplay.php", and also the
"memberlist.php" file. The "memberlist.php" does not seem to be prone to
the same attack I am about to talk about in versions three and later. The
type of XSS that takes place though on vBulletin is what I would call a
higher risk XSS issue. What I mean by that is a lot of times slashes will
be added to certain characters, or certain strings/characters disallowed,
but in vBulletin you can enter pretty much anything and have it execute
successfully. This makes it a whole lot easier for an attacker to use these
vulnerabilities to disclose a users information. Below are examples of the
issues I have talked about here. Remember, the "memberlist.php" issue only
seems to affect versions prior to 3.0, but the others affect all versions.

showthread.php?t=[VID]&page=[INT][XSS]
forumdisplay.php?f=[VID]&page=[INT]&sort=lastpost&order=[XSS]
memberlist.php?action=getall&what=[XSS]&ltr=&perpage=25&orderby=username



Solution:
JelSoft were notified and there will probably be a release of a patch or
update to resolve these issues. Who knows, they might even charge you for
the upgrade also :P heheh



Credits:
Credits go to JeiAr of the GulfTech Security Research Team. 
http://www.gulftech.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ