SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Forum/Board/Portal)  >  WWWBoard Vendors:  Wright, Matt
WWWboard Input Validation Flaw in Message Posting Field Lets Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1006149
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 23 2003
Impact:  Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included:  Yes  
Advisory:  Security-Corp
Version(s): 2.0 Alpha 2.1 and prior versions
Description:  An input validation flaw was reported in the WWWboard forum software from Matt's Script Archive. A remote user can conduct cross-site scripting attacks.

Security Corporation reported that the flaw resides in the page used to post messages (/wwwboard/wwwboard.html#post) in the "Message" field. A remote user can submit specially crafted message contents so that when a target user views the message, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site running WWWboard and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Some demonstration exploit content is provided:

<script>alert("Cookie="+document.cookie)</script>

The vendor has reportedly been notified.
Impact:  A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running WWWboard, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.scriptarchive.com/wwwboard.html (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  =?iso-8859-1?Q?Gr=E9gory_Le_Bras_|_Security_Corporation?= <gregory.lebras@security-corp.org>
Message History:   None.

 Source Message Contents
Date:  Sun, 23 Feb 2003 03:28:40 +0100
From:  =?iso-8859-1?Q?Gr=E9gory_Le_Bras_|_Security_Corporation?= <gregory.lebras@security-corp.org>
Subject:  [Full-Disclosure] [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard

 

________________________________________________________________________

Security Corporation Security Advisory [SCSA-007]
________________________________________________________________________

PROGRAM: WWWBoard
HOMEPAGE: http://www.scriptarchive.com
VULNERABLE VERSIONS: 2.0A2.1 and prior
________________________________________________________________________


DESCRIPTION
________________________________________________________________________

WWWBoard is "A threaded discussion forum that allows users to post
new messages, followup to existing ones and more. Includes a basic
admin to maintain the board."

(direct quote from WWWBoard website)


DETAILS
________________________________________________________________________

A Cross-Site Scripting vulnerability have been found in WWWBoard
which allow attackers to inject script codes into the forum and use them
on clients browser as if they were provided by the site.

This Cross-Site Scripting vulnerability are found in the page for
posting messages.

An attacker can input specially crafted links and/or other
malicious scripts.


EXPLOIT
________________________________________________________________________

A vulnerability was discovered in the page for posting messages,
at this adress :

http://[target]/wwwboard/wwwboard.html#post


The vulnerability is at the level of the interpretation of the "Message"
field.

Indeed, the insertion of a hostile code script in this field makes it
possible to a malicious user to carry out this script on the navigator
of the visitors.


The hostile code could be :

[script]alert("Cookie="+document.cookie)[/script]

(open a window with the cookie of the visitor.)

(replace [] by <>)


SOLUTIONS
________________________________________________________________________

No solution for the moment.


VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified.


LINKS
________________________________________________________________________

http://www.security-corp.org/index.php?ink=4-15-1

Version Française :

http://www.security-corp.org/advisories/SCSA-007-FR.txt


------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC