From: Daniel Nyström <exce@netwinder.nu>
To: <bugtraq@securityfocus.com>, <submissions@packetstormsecurity.org>
Subject: [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.
Date: Fri, 19 Apr 2002 08:48:24 +0200

Telhack 026 Inc. Security Advisory - #2
_________________________________________
Name: IcrediBB 1.1 (iBB Beta 1.1)
Impact: Medium (Cross Site Scripting)
Date: April 19 / 2002
_________________________________________
Daniel Nyström <exce@netwinder.nu>

_I N F O_
IcrediBB is a web BB. PHP powered, MySQL backend. Quick as well as easy on the server's resources.
Vendor has been notified of all issues discussed. Vendor is at: http://www.icredibb.com , and the package used for experimentation was icredi1-1.tar.gz found at http://www.sourceforge.net -> icredibb .

_P R O B L E M_
A Cross Site Scripting vulnerability has been found due to insufficient checking of user input in both thread title and body. Therefore a user may post a message containing, for example, hostile javascript.

_I M P A C T_
Medium, as stealing of cookies is possible, and you can probably mess up a lot of things in MSIE * with evil javascript.

_E X P L O I T I N G_
Post a message containing:

    <script>alert('Cross Site Scripting possible');</script>

in either the subject line or the message body. When users view the forum (subject vuln) or the post (body vuln), the javascript will be executed.

_F I X E S_
This vulnerability exists because of improper checking of user input. Suggest vendor filter out bad HTML and release new version.

/Daniel Nyström a.k.a. excE @ Telhack 026 Inc.
http://excelsi0r.darktech.org
http://www.telhack.com
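The fix suggested in the advisory, sketched as an added example: this is not IcrediBB's code and does not come from the advisory's author. It encodes the title and body at output time instead of filtering HTML on input; the function names, the thread.php link and the markup are assumptions made for illustration.

```php
<?php
// Added example: hypothetical rendering helpers, not IcrediBB's actual code.

// Pattern the advisory describes: stored title/body written into the page as-is.
function render_post_unsafe(string $title, string $body): string
{
    return "<h2>" . $title . "</h2>\n<div class=\"post\">" . $body . "</div>";
}

// Encode HTML metacharacters so stored markup is displayed as text, not parsed.
function esc(string $s): string
{
    // ENT_QUOTES also encodes ' and ", which keeps the value inside quoted attributes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Post view (the "body vuln" page): title and body are both encoded.
function render_post_safe(string $title, string $body): string
{
    // nl2br() runs after encoding, so the only markup it introduces is <br />.
    return "<h2>" . esc($title) . "</h2>\n<div class=\"post\">" . nl2br(esc($body)) . "</div>";
}

// Forum listing (the "subject vuln" page): the title appears in element text
// and in an attribute; both positions get the same encoding.
function render_thread_link_safe(int $threadId, string $title): string
{
    // thread.php is a hypothetical script name; the integer type keeps the id numeric.
    return '<a href="thread.php?id=' . $threadId . '" title="' . esc($title) . '">'
         . esc($title) . '</a>';
}

// Constructed sample input: the test string from the advisory.
$title = "<script>alert('Cross Site Scripting possible');</script>";
$body  = "First line\n" . $title;

echo "--- unsafe post view ---\n", render_post_unsafe($title, $body), "\n\n";
echo "--- safe post view ---\n", render_post_safe($title, $body), "\n\n";
echo "--- safe forum listing ---\n", render_thread_link_safe(42, $title), "\n";
```

In the safe output the script tag arrives in the browser as `&lt;script&gt;...` and is rendered as visible text on both the forum listing and the post page.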