[38172] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Security Advisory: BiTBOARD xss

daemon@ATHENA.MIT.EDU (Martin Heistermann)
Wed Jan 12 15:04:32 2005

Date: 12 Jan 2005 17:58:58 -0000
Message-ID: <20050112175858.20334.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Martin Heistermann <martin.heistermann@web.de>
To: bugtraq@securityfocus.com



Advisory Information
--------------------
Advisory name		:  BiTBOARD XSS
Discovered by		:  drhankey / it-security23.net
Vendor Name		:  the bitshifters sdc
Vendor Homepage		:  http://www.bitshifters.net
Software		:  Bitboard
Vulnerability Type	:  Cross-Site-Scripting
Vulnerable Versions	:  2.5 and prior
Platforms		:  OS Independent, PHP


What is Bitshifters Bitboard?
----------------------------------
Woltlab Burning Board Lite is a free message board using plain text files as database.


Vulnerability Description:
-------------------------
Ii's possible to inject javascript by abusing some kind of bbcode used in the posting system.

Proof of Concept:
-----------------
[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38172] in bugtraq

Security Advisory: BiTBOARD xss

daemon@ATHENA.MIT.EDU (Martin Heistermann)Wed Jan 12 15:04:32 2005

daemon@ATHENA.MIT.EDU (Martin Heistermann)
Wed Jan 12 15:04:32 2005