Message-ID: <AANLkTikvqV7jO-oxcqvy+W=5BadfSgB-v4Pr_ks6sb+h@mail.gmail.com>
Date: Tue, 3 Aug 2010 14:36:47 +0100
From: Domain Admin <martin@...help.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Multiple XSS issues exist in Fusetalk forums.

XSS vulnerability in FuseTalk Forums
-------------------------------------
Vulnerability ID: Month Of Full Disclosure 1 = MOFD1
------------------------------------
Product: FuseTalk
-------------------------------------
Vendor: FuseTalk Inc ( http://www.fusetalk.com/Company/AboutFuseTalk/tabid/111/Default.aspx )
-------------------------------------
Vulnerable Version: 4.0 (the current version) and probably prior versions
-------------------------------------
Vendor Notification: 02 August 2010
Public Disclosure: 02 August 2010
-------------------------------------
Vulnerability Type: XSS (Cross Site Scripting)
-------------------------------------
Status: Public Disclosure - Not Fixed, Vendor Alerted, Awaiting Vendor Response
-------------------------------------
Risk level: Medium
-------------------------------------
Credit: Martin Hall - TheTestManager
Site = http://www.thetestmanager.com
twitter = @thetestmanager
Vulnerability Details:
Multiple XSS errors exist in FuseTalk Forums.
These errors exist even months/years after previous HTML/SQL injection
errors were reported to FuseTalk.
It is time for a full and thorough source code review, guys.
-------------------------------------
Potential Users Affected = minimum = 250,000 users
SunBelt = 5664 Users
FuseTalk = 11357
AMD = 103488 users
AMD Game = 43767
wilmott.com = 79718 users
collectors.com = 31396 users
2ndlight.com = 23033 users
-------------------------------------
Dork to find Vulnerable Sites (1)
fusetalk "users are registered"
Dork to find Vulnerable Sites (2)
© 1999-2010 FuseTalk Inc. All rights reserved.
-------------------------------------
Sample URLs
http://forums.fusetalk.com/usersearchresults.cfm?keyword=ttm--"%20><script>alert("TheTestManager.com-
Month of Full disclosure")</script>&FT_ACTION=SearchUsers - (IE8
tested)
or
http://supportforums.sunbeltsoftware.com/categories.aspx?catid=76&FTVAR_SORT=date&FTVAR_SORTORDER=0017ttm-"
style=x:expression(alert("TheTestManager")) ttm=" (IE7 test)
-------------------------------------
Solution:
Currently I'm not aware of any vendor-supplied patches or other solutions.
If you are aware of more recent information related to this issue
please notify me at: martin@...help.com
Users are recommended to use NoScript or other XSS mitigating software.
Admins are advised to change forum software, or put pressure on
FuseTalk to carry out a full source code review.
-------------------------------------
Other Miscellaneous Information
http://www.fusetalk.com/ProductsServices/FuseTalk/WhosUsingFuseTalk/tabid/72/Default.aspx
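Added example, not part of the original advisory and not FuseTalk code: a Python sketch of the server-side fix for the two reflected parameters named in the sample URLs, showing raw reflection beside allowlist validation plus HTML attribute encoding. The template, the function names, the example.test host, the shortened alert text and the assumption that both values are echoed into double-quoted attributes are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a page that reflects two query parameters into
# double-quoted HTML attributes (assumed context; FuseTalk's real templates
# are not shown in the advisory).
TEMPLATE = '<input name="keyword" value="{kw}"><a href="?FTVAR_SORTORDER={so}">sort</a>'

SORT_ORDER_RE = re.compile(r"[0-9]{1,4}")  # assumed: sort order is a small number


def get_params(url):
    """Return the decoded keyword and FTVAR_SORTORDER values from a URL."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("keyword", [""])[0], qs.get("FTVAR_SORTORDER", [""])[0]


def render_vulnerable(url):
    """Reflect the raw values: a double quote ends the attribute early."""
    kw, so = get_params(url)
    return TEMPLATE.format(kw=kw, so=so)


def render_hardened(url):
    """Allowlist the sort order, then HTML-encode everything that is echoed."""
    kw, so = get_params(url)
    if not SORT_ORDER_RE.fullmatch(so):
        so = "0"  # fall back to a fixed default instead of echoing input
    return TEMPLATE.format(kw=html.escape(kw, quote=True),
                           so=html.escape(so, quote=True))


# The two sample payloads from the advisory, on a constructed example.test host.
SAMPLES = [
    'http://forum.example.test/usersearchresults.cfm?keyword=ttm--"%20><script>'
    'alert("x")</script>&FT_ACTION=SearchUsers',
    'http://forum.example.test/categories.aspx?catid=76&FTVAR_SORT=date'
    '&FTVAR_SORTORDER=0017ttm-" style=x:expression(alert("x")) ttm="',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(render_vulnerable(s))
        print(render_hardened(s))
```

Encoding must match the output context: `html.escape(..., quote=True)` covers HTML text and quoted attribute values only, so values echoed into script blocks, CSS or URLs need their own encoders.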