| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050108192957.25739.qmail@www.securityfocus.com> Date: 8 Jan 2005 19:29:57 -0000 From: Martin Heistermann <martin.heistermann@....de> To: bugtraq@...urityfocus.com Subject: Security Advisory: Woltlab Burning Board Lite formmail.php XSS Advisory Information -------------------- Advisory name : Woltlab Burning Board Lite formmail.php XSS Discovered by : drhankey / it-security23.net Vendor Name : Woltlab Vendor Homepage : http://www.woltlab.de Software : Woltlab Burning Board Lite Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 1.0.0, 1.0.1e, maybe more Platforms : OS Independent, PHP What is Woltlab Burning Board Lite? ---------------------------------- Woltlab Burning Board Lite is the free version of the Woltlab Burning Board, a PHP based bulletin board Vulnerability Description: ------------------------- formmail.php outputs the "userid"-parameter unfiltered, so its possible to add arbitary Code to the output by using a malformed link. The Board also allows logging in with stolen cookies. Proof of Concept: ----------------- http://website/board/formmail.php?userid=1"><script>document.location.href="http://www.it-security23.net";</script x="y
Powered by blists - more mailing lists