lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1423726642.228880966@f292.i.mail.ru>
Date: Thu, 12 Feb 2015 10:37:22 +0300
From: W S <w@...ox.ru>
To: fulldisclosure@...lists.org
Subject: [FD] Vanilla forum Stored XSS on any private message / thread post

 The vulnerability is related to the insufficient filtration in HTMLawed. Existing filter can be bypassed and paste into the HTML tag <img> onerror event, that leads to stored XSS.

I notified the developers of existing vulnerabilities and they closed it in version 2.1.1

proof:
http://vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release

vulnerable versions:
2.0 to 2.1.1 
maybe 1.* versions

my XSS exploit:
<img alt="<img onerror=alert(1)//"<"> 



Screenshot with alert in attach of this message.
Download attachment "vanilla xss.png" of type "image/png" (36074 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ