From:	 Daniel Nyström <exce@netwinder.nu>
To:	 <bugtraq@securityfocus.com>,
	 <submissions@packetstormsecurity.org>
Subject: [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.
Date:	 Fri, 19 Apr 2002 08:48:24 +0200

Telhack 026 Inc. Security Advisory - #2
_________________________________________

Name: IcrediBB 1.1 (iBB Beta 1.1)
Impact: Medium (Cross Site Scripting)
Date: April 19 / 2002
_________________________________________

Daniel Nyström <exce@netwinder.nu>


_I N F O_
IcrediBB is a web BB. PHP powered, MySQL backend. Quick as well as
easy on the server's resources. Vendor has been notified of all issues
discussed.
The vendor is at http://www.icredibb.com, and the package used for
experimentation was icredi1-1.tar.gz, found at
http://www.sourceforge.net -> icredibb.


_P R O B L E M_
A Cross Site Scripting vulnerability has been found, caused by
insufficient checking of user input in both the thread title and the
body. A user may therefore post a message containing, for example,
hostile javascript.


_I M P A C T_
Medium, as stealing of cookies is possible and you can probably mess up
a lot of things in MSIE * with evil javascript.


_E X P L O I T I N G_
Post a message containing:
<script>alert('Cross Site Scripting possible');</script>
in either the subject line or the message body. When users view the
forum (subject vuln) or the post (body vuln) the javascript will be
executed.

_F I X E S_
This vulnerability exists because of improper checking of user input.
Suggest the vendor filter out bad HTML and release a new version.


/Daniel Nyström a.k.a. excE @ Telhack 026 Inc.


http://excelsi0r.darktech.org
http://www.telhack.com
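
An added example for the Fixes section above, not part of the original advisory and not IcrediBB's own code: it encodes the subject and body when they are written into the page, which is a different technique from the HTML filtering the advisory suggests. The helper names, the array layout and the thread.php URL are assumptions made for illustration.

```php
<?php
// Added example: hypothetical rendering helpers, not IcrediBB source.

// Encode untrusted text for an HTML element body or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the pattern the advisory describes, user input echoed as-is
// into the forum listing.
function render_thread_row_unsafe(array $t): string
{
    return '<tr><td><a href="thread.php?id=' . $t['id'] . '">'
         . $t['subject'] . "</a></td></tr>\n";
}

// "After": the subject is encoded and the id is forced to an integer.
function render_thread_row(array $t): string
{
    return '<tr><td><a href="thread.php?id=' . (int) $t['id'] . '">'
         . h($t['subject']) . "</a></td></tr>\n";
}

// Post view: encode first, then convert newlines, so the only markup in
// the output is the <br> tags added here.
function render_post_body(string $body): string
{
    return '<div class="post">' . nl2br(h($body), false) . "</div>\n";
}

// Constructed sample row using the advisory's test string.
$thread = [
    'id'      => 7,
    'subject' => "<script>alert('Cross Site Scripting possible');</script>",
    'body'    => "line one\n<script>alert('Cross Site Scripting possible');</script>",
];

echo render_thread_row_unsafe($thread); // script tag reaches the browser intact
echo render_thread_row($thread);        // subject arrives as inert text
echo render_post_body($thread['body']); // body arrives as inert text
```

Encoding at output time covers both places the advisory names, the forum listing (subject) and the post view (body), without having to decide which HTML counts as bad.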