[28162] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Input Validation Error in vbulletin 2.2.x

daemon@ATHENA.MIT.EDU (Dorin Balanica)
Wed Dec 11 17:31:31 2002

From: "Dorin Balanica" <dorin@bados.com>
To: <BugTraq@securityfocus.com>
Date: Sun, 8 Dec 2002 06:01:20 +0200
Message-ID: <NNEJKPNHLICPJJACLKIIEENKCAAA.dorin@bados.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20021203200900.17752.qmail@web11606.mail.yahoo.com>

Description:
---------------
VBulletin discussion forum (http://www.vbulletin.com) does not properly
validate the input for html tag enabled forums, allowing arbitrary
JavaScript code to be run for any access level user.

Prof of concept:
----------------
<b onMouseOver="alert(document.location);">This piece of text could be
dangerous if you were to move your mouse over it!</b>

In action here:
http://www.vbulletin.com/admindemo/showthread.php?threadid=3

Workaround:
-----------
Disable the ability to post messages containing HTML code

Vulnerable Versions:
--------------------
2.2.7
2.2.8

Not vulnerable:
---------------
?

Special thanks
--------------
To Pete Foster <pete@sec-tec.demon.co.uk> for finding the same problem
in phpBB which gave me idea to investigate.

---------------------------------
Dorin Balanica
dorin@bados.com
Security Officer,
bados.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[28162] in bugtraq

Input Validation Error in vbulletin 2.2.x

daemon@ATHENA.MIT.EDU (Dorin Balanica)Wed Dec 11 17:31:31 2002

daemon@ATHENA.MIT.EDU (Dorin Balanica)
Wed Dec 11 17:31:31 2002