[29913] in bugtraq
Cross site scripting in Onecenter forum 4.0
daemon@ATHENA.MIT.EDU (David F. Madrid)
Fri Apr 25 17:37:59 2003
Message-ID: <47440.80.58.4.235.1051236077.squirrel@www.vsantivirus.com>
Date: Thu, 24 Apr 2003 23:01:17 -0300 (ART)
From: "David F. Madrid" <conde0@telefonica.net>
To: <bugtraq@securityfocus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Issue : cross site scripting in Onecenter forum
Affected Product : Onecenter forum 4.0
Description :
Onecenter offers a free discussion forum hosted in the company's servers (
forum.onecenter.com ) . Any user in the forum is identified by a cookie
that contains nick , name , mail address and password . This information
can be easily obtained as you can add in your posts the img html tag with
a custom script as follows
<img src=javascript:alert(document.cookie);>
To impersonate any user in the forum ( onecenter administrators would be a
good choice ) you just have to build a cookie like the one obtained and
visit the forum .
--
Regards ,
David F. Madrid
Madrid , Spain
