SecurityTracker.com
SecurityTracker
Archives
Category:  Application (Forum/Board/Portal)  >  WoltLab Burning Board (wBB)
Vendors:  Woltlab
WoltLab Burning Board PHP-based Forum Software Has Input Filtering Flaws That Allow Cross-Site Scripting Attacks
Date:  Apr 24 2002
Impact:  Disclosure of authentication information, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.1.0 and prior versions
Description:  Several vulnerabilities were reported in WoltLab Burning Board (wBB). A remote user can conduct cross-site scripting attacks against forum users to gain access to user and administrator accounts on the system.

It is reported that a remote user can submit a message to the forum that contains JavaScript within a bbcode image tag '[img]', as scripting code is not filtered by the bulletin board. The following is an example of JavaScript that will not be filtered:

[img]javascript:alert('XSS')[/img]

Then, when a target (victim) wBB user views the message with the embedded malicious image tag, the JavaScript will be executed by the target user's browser. This code will originate from the site running wBB and will run in the security context of that site. As a result, the code will be able to access the target user's cookies associated with the site and send the cookies to a remote site.

Once a remote user has obtained the authentication cookies of another wBB user, the remote user can gain access to that user's account by accessing the wBB site and sending the authentication cookies to the server.
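The flaw described above is a server-side input filtering problem: the URL inside a bbcode '[img]' tag is copied into an HTML 'src' attribute without restricting its scheme or escaping it. The following is an added example (not code from wBB, SecurityTracker or the reporter) that contrasts a naive renderer with a hardened one in Python. It uses an allowlist of http/https schemes rather than a blocklist of the string "javascript", normalises the URL first so that case changes, embedded control characters and HTML entity encoding cannot smuggle a scheme past the check, and HTML-escapes the surviving URL so it cannot break out of the attribute. The function names, the 'example.com' host and the sample inputs other than the page's own '[img]javascript:alert('XSS')[/img]' are constructed for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Matches the bbcode image tag as used on forums like wBB: [img]URL[/img]
IMG_RE = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

# Only these URL schemes are allowed to reach an <img src="..."> attribute.
ALLOWED_SCHEMES = {"http", "https"}


def render_img_unsafe(text: str) -> str:
    """Naive renderer reproducing the reported behaviour: the tag body is
    pasted straight into the src attribute, so javascript: URLs survive."""
    return IMG_RE.sub(lambda m: '<img src="%s">' % m.group(1), text)


def normalize_url(raw: str) -> str:
    """Canonicalise the URL before checking its scheme.

    Browsers ignore tabs/newlines inside a scheme and decode HTML entities
    in attribute values, so both must be resolved before the scheme check
    or the allowlist can be bypassed (constructed hardening step)."""
    cleaned = "".join(ch for ch in raw if ch.isprintable()).strip()
    return html.unescape(cleaned)


def _scheme_ok(url: str) -> bool:
    """Allowlist check on an already-normalised URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        # Malformed URLs (e.g. broken IPv6 brackets) are rejected outright.
        return False
    # urlsplit lowercases the scheme, so JaVaScRiPt: is caught as well.
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.netloc)


def is_safe_image_url(raw: str) -> bool:
    """True only for absolute http(s) URLs after normalisation."""
    return _scheme_ok(normalize_url(raw))


def render_img_safe(text: str) -> str:
    """Hardened renderer: reject disallowed schemes and escape the URL so it
    cannot close the attribute and inject further markup."""
    def repl(m: "re.Match[str]") -> str:
        url = normalize_url(m.group(1))
        if not _scheme_ok(url):
            # Leave the tag visible as inert text instead of rendering it.
            return html.escape(m.group(0))
        return '<img src="%s">' % html.escape(url, quote=True)

    return IMG_RE.sub(repl, text)


if __name__ == "__main__":
    # The page's own example, rendered both ways.
    sample = "[img]javascript:alert('XSS')[/img]"
    print("unsafe:", render_img_unsafe(sample))
    print("safe:  ", render_img_safe(sample))
```

The hardened renderer also covers cases the advisory does not spell out: a scheme with a tab inserted, an entity-encoded first letter, a 'data:' URL, and a URL that carries a closing quote followed by an event-handler attribute. The last case passes the scheme check (it is a legitimate http URL as far as the parser is concerned) and is neutralised purely by attribute escaping, which is why both the allowlist and the escaping are needed. Independently of output filtering, marking the session cookie HttpOnly limits what a script that does slip through can read.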

For more information, see the original report (French language):

http://www.ifrance.com/kitetoua/tuto/wbboard.txt

Impact:  A remote user can cause arbitrary JavaScript to be executed on another wBB user's computer to steal that user's authentication cookies associated with wBB. Then, the remote user can access the wBB user's account.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.woltlab.com/
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  frog frog <leseulfrog@hotmail.com>
Message History:   None.


 Source Message Contents

Date:  11 Apr 2002 12:18:07 -0000
From:  frog frog <leseulfrog@hotmail.com>
Subject:  Security holes in WoltLab Burning Board

Product:
WoltLab Burning Board
http://www.woltlab.de

Versions:
1.1.0 and less

Problems:
- XSS
- Access to users/admins accounts

More details in French:
http://www.ifrance.com/kitetoua/tuto/wbboard.txt

Translated by Google:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2Fwbboard.txt&langpair=fr%7Cen&hl=en&prev=%2Flanguage_tools

frog-m@n

Copyright 2002, SecurityGlobal.net LLC