Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
WoltLab Burning Board Input Validation Bug in 'wiw.php' Lets Remote Users Conduct Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1006083 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 12 2003
|
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Exploit Included: Yes
|
Version(s): wBB2; 2.0, 2.0.1, 2.0.2
|
Description: Hendrik Richter reported an input validation vulnerability in the WoltLab Burning Board (wBB) forum software. A remote user can conduct cross-site scripting attacks against wBB users.
It is reported that the 'wiw.php' script does not properly filter user-supplied input in the 'sortby' and 'order' parameters to remove
HTML code.
A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting
code to be executed by the target user's browser. The code will originate from the site running the wBB 2 forum software and will
run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication
cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take
actions on the site acting as the target user.
A demonstration exploit URL is provided:
/board/wiw.php?sid=&order=%22%3E%3Cscript%20type=%22text/javascript%22%3Eal
ert(document.cookie);%3C/script%3E%3Cb%20%22
The vendor has reportedly been notified.
|
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running wBB
2, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target
user.
|
Solution: No vendor solution was available at the time of this entry.
The author of the report has indicated that, as a workaround, you can disable automatic refresh in wiw.php by using the Admin Control Panel (ACP).
|
Vendor URL: www.woltlab.de/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: Hendrik Richter <info@naggel.com>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 12 Feb 2003 15:36:13 +0100
From: Hendrik Richter <info@naggel.com>
Subject: Woltlab Burning Board allows users to insert dangerous JavaScript
|
Hallo,
I've found a bug in Woltlab's Burning Board, the programmers are also informed:
----------------------------------------------------------------------
Woltlab Burning Board allows users to insert dangerous JavaScript
Impact: Disclosure of authentication information, Disclosure of user information, Execution of
arbitrary code via network, Modification of user information, User access via network, etc.
Exploit Included: Yes
Version(s): wBB 2: Betas, RCs, 2.0, 2.0.1, 2.0.2
Description: An input validation vulnerability was reported in Woltlab Burning Board. A remote user
can conduct cross-site scripting attacks against wBB users in wiw.php. Woltab failes to filter
$_GET['sortby'] and $_GET['order'] from JavaScript-Code.
A demonstration exploit tag is provided:
Browse ton URI
/board/wiw.php?sid=&order=%22%3E%3Cscript%20type=%22text/javascript%22%3Ealert(document.cookie);%
3C/script%3E%3Cb%20%22
Solution: Disable automatic refresh in wiw.php (use the ACP)
Vendor URL: www.woltlab.de/ (Links to External Site)
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: "Hendrik Richter" <info@naggel.com>
Message History: None.
----------------------------------------------------------------------
Sincerly,
Hendrik Richter
|
|
Go to the Top of This SecurityTracker Archive Page
|
