SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker -- bugs@securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Web Server/CGI)  >  Open Bulletin Board (OpenBB) Vendors:  Iansoft Enterprises
Open Bulletin Board (OpenBB) Input Filtering Bug Lets Remote Users Conduct Cross-Site Scripting Attacks Against OpenBB Users
Date:  Feb 25 2002
Impact:  Disclosure of authentication information, Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 1.0.0 and prior
Description:  A vulnerability was reported in the Iansoft Enterprises Open Bulletin Board (OpenBB). A remote user can conduct cross-site scripting attacks against OpenBB web site users.

A remote user can create and post an HTML-based message that contains malicious javascript so that when another target user views the message, the javascript will be executed by the target user's browser. The code will appear to originate from the web site running OpenBB and will run in the security context of that web site. As a result, the javascript code can access the target user's cookies and other information associated with the OpenBB site.

The following is a demonstration exploit string:

[img]javasCript:alert('Hello world.')[/img]
Impact:  A remote user may be able to cause arbitrary javascript to execute on another user's browser to steal that user's cookies associated with the web site running OpenBB.
Solution:  No vendor solution was available at the time of this entry.

The author of the report recommends that the code be modified so that all URLs in [img] tags start with "http://".
Vendor URL:  www.openbb.net/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments:  PHP-based
Reported By:  skizzik@imail.ru
Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 1 2002 (Vendor Issues Patch) Re: Open Bulletin Board (OpenBB) Input Filtering Bug Lets Remote Users Conduct Cross-Site Scripting Attacks Against OpenBB Users   ("Nate Pinchot" <npinchot@ccservice.cc>)
The vendor has issued a fix.


 Source Message Contents
Date:  Mon, 25 Feb 2002 20:13:18 +0300
From:  skizzik@imail.ru
Subject:  Open Bulletin Board javascript bug.

 

   OpenBB is free php-based forum.  

   Exploit:
   [img]javasCript:alert('Hello world.')[/img]

   Vulnerable systems:
   All versions of Open Bulletin Board including 
v.1.0.0 

   Immune systems:
   None

   Solution:
   All url's in [img] tags should start  
with "http://" 

                                     Yurij Rumiantsev


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC