[24456] in bugtraq


Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)

daemon@ATHENA.MIT.EDU (Joshua_Hiller@aeanet.org)
Thu Feb 28 23:20:20 2002

To: bugtraq@securityfocus.org
Message-ID: <OF7FB48615.C07E1192-ON88256B6E.001ECEB3-88256B6E.0020652D@aeanet.org>
From: Joshua_Hiller@aeanet.org
Date: Wed, 27 Feb 2002 21:46:36 -0800
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii

The fix listed below is functional, but the vendor of this product has
released a much better version posted at
http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660

Please use the above version, as it uses the replace function properly (I
was in a hurry), takes care of more characters, and is the vendor approved
patch.

I am -=not=- the vendor for this product, I just think it's an excellent
application, and have used it a great deal.
(The fact that it's free is like a total bonus ;) )  The website for this
application can be found at http://www.snitz.com or http://forum.snitz.com
(Forum site).

I posted the fix because I wanted administrators to be able to resolve this
problem as quickly as possible. :)

Josh





-=-=-=FORWARDED MESSAGE

>'##### Quick Bug fix for Javascript in [img] tags - Joshua Hiller 02.27.02 #####
>                   strUrlText = replace(LCase(strUrlText),"javascript", "")
>'##### End Quick Bug fix for Javascript in [img] tags - Joshua Hiller 02.27.02 #####
>
>                      "Justin" <jwgolihew@cs.millersville.edu>
>                      To:       <bugtraq@securityfocus.org>
>                      cc:
>                      Subject:  RE: Open Bulletin Board javascript bug.
>                      02/26/02 06:05 PM
>
>Snitz Forums 2000, another free bulletin board software, is also vulnerable.
>
>-----Original Message-----
>From: godminus [mailto:godminus@owns.com]
>Sent: Tuesday, February 26, 2002 1:24 PM
>To: bugtraq@securityfocus.org
>Subject: Re: Open Bulletin Board javascript bug.
>
>
>>   OpenBB is free php-based forum.
>>
>>   Exploit:
>>   [img]javasCript:alert('Hello world.')[/img]
>>
>>   Vulnerable systems:
>>   All versions of Open Bulletin Board including
>>   v.1.0.0
>>
>>   Immune systems:
>>   None
>>
>>   Solution:
>>   All URLs in [img] tags should start with "http://"
>>
>>                                    Yurij Rumiantsev
>
>Ikonboard version 3.0.1 is vulnerable to the same bug
>
> -- godminus
>

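The thread's recommended fix is an allowlist: an [img] URL is only turned into markup if it starts with "http://". The example below is added here and is not code from this thread, from Snitz, OpenBB or Ikonboard; it is written in Python rather than the forums' own ASP, PHP or Perl, and the names `is_safe_img_url` and `render_post` are hypothetical. It accepts https:// as well as http:// (an assumption beyond what the thread states), treats the scheme case-insensitively so `javasCript:` is not let through, rejects URLs containing control characters that browsers would silently drop from a scheme, and HTML-escapes the URL before placing it in the `src` attribute. A rejected tag is shown as escaped text instead of being turned into an element.

```python
import html
import re
from urllib.parse import urlsplit

# Schemes allowed inside [img] tags. The thread says "http://"; https:// is
# added here as an assumption.
ALLOWED_SCHEMES = ("http", "https")

# Tab, newline, NUL and other C0 controls (plus space and DEL). Browsers drop
# some of these from a scheme before deciding what it is, so a URL containing
# any of them is rejected outright rather than "cleaned".
_CONTROL_CHARS = re.compile(r"[\x00-\x20\x7f]")

# Hypothetical BBCode pattern: [img]...[/img], case-insensitive, may span lines.
_IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def is_safe_img_url(url: str) -> bool:
    """Return True only for a URL with an allowed scheme and a host part."""
    if _CONTROL_CHARS.search(url):
        return False
    parts = urlsplit(url)          # scheme comes back lowercased
    if parts.scheme not in ALLOWED_SCHEMES:
        return False               # javascript:, data:, vbscript:, "" ...
    if not parts.netloc:
        return False               # "http:alert(1)" has no host
    return True


def render_post(post: str) -> str:
    """Escape a post body, converting only [img] tags whose URL passes the
    allowlist into <img> elements. Rejected tags are emitted as literal text."""
    out = []
    pos = 0
    for m in _IMG_TAG.finditer(post):
        out.append(html.escape(post[pos:m.start()]))
        url = m.group(1).strip()
        if is_safe_img_url(url):
            out.append('<img src="%s">' % html.escape(url, quote=True))
        else:
            out.append(html.escape(m.group(0)))   # shown, never executed
        pos = m.end()
    out.append(html.escape(post[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample posts; the second is the payload quoted in this thread.
    for sample in ("see [img]http://example.com/a.png[/img]",
                   "[img]javasCript:alert('Hello world.')[/img]"):
        print(render_post(sample))
```

Validating the parsed scheme, rather than searching the string for the word "javascript", is what makes the case variant and the other non-HTTP schemes fail in the same place; the check is also independent of how the rest of the post is escaped, since `render_post` escapes everything outside the tags itself.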