XMB cross-scripting vulnerability

From: skizzikat_private
Date: Fri Feb 22 2002 - 06:00:58 PST

Next message: Corey J. Steele: "RE: UPDATE: [wcolburnat_private: SMTP relay through checkpoint fire wall]"

Previous message: david evlis reign: "Re: Cert Advisory 2002-03 and HP JetDirect"
Next in thread: skizzikat_private: "Open Bulletin Board javascript bug."
Reply: skizzikat_private: "Open Bulletin Board javascript bug."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

   XMB is a php-based forum. This product contain a 
Cross Site Scripting vulnerability that allows 
attackers to insert JavaScript code (and other HTML 
code) into existing messages, bypassing the internal 
JavaScript/HTML code stripper.

   Exploit:
   [img]javasCript:alert('Hello world.')[/img]

   Vulnerable systems:
   All versions of XMB board, including  last version -
   XMB 1.6x Magic Lantern

   Immune systems:
   None

   Possible solution:
   Searching the image URL for the text "javascript:" 
should solve the problem

                                      SliderGod.

Next message: Corey J. Steele: "RE: UPDATE: [wcolburnat_private: SMTP relay through checkpoint fire wall]"
Previous message: david evlis reign: "Re: Cert Advisory 2002-03 and HP JetDirect"
Next in thread: skizzikat_private: "Open Bulletin Board javascript bug."
Reply: skizzikat_private: "Open Bulletin Board javascript bug."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Feb 23 2002 - 07:44:26 PST