RE: Open Bulletin Board javascript bug.

From: Nate Pinchot (npinchotat_private)
Date: Thu Feb 28 2002 - 06:07:00 PST


    >   OpenBB is free php-based forum.  
    >
    >   Exploit:
    >   [img]javasCript:alert('Hello world.')[/img]
    >
    >   Vulnerable systems:
    >   All versions of Open Bulletin Board including v.1.0.0 
    >
    >   Immune systems:
    >   None
    >
    >   Solution:
    >   All URLs in [img] tags should start with "http://"
    
    I had actually informed them about this bug a long time ago and
    they informed me they were working on a patch. This was 2 months
    ago. Since you posted this to bugtraq they finally released a patch.
    The patch can be found here:
    http://community.iansoft.net/read.php?TID=5159
    
    For any who care about the technical details of the patch, they did
    NOT filter [img] tags so that they start with http:// as suggested. They
    filtered javascript: and some other hex codes. Chances are it is still
    vulnerable, and I informed them of this; they don't seem to care.
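
The fix suggested in the quoted advisory, as an added example that is not part of the original post and not OpenBB's code: an [img] URL is accepted only when it matches an anchored http:// pattern, rather than having known-bad strings stripped out of it. The function names, the allowed character set and the acceptance of https:// are assumptions of this sketch.

```php
<?php
// Added example, not OpenBB code; function names are hypothetical.

// Return the URL if it may be used as an <img> source, otherwise null.
// Allowlist: anchored scheme + host + path drawn from a fixed character set,
// so quotes, spaces, angle brackets and control bytes can never pass.
// Accepting https:// as well as http:// is an assumption of this example.
function safe_img_url(string $url): ?string
{
    $pattern = '#\Ahttps?://[a-z0-9.-]+(?::[0-9]{1,5})?(?:/[a-z0-9._~%/?&=+,;:@!-]*)?\z#i';
    $url = trim($url);
    return preg_match($pattern, $url) === 1 ? $url : null;
}

// Render [img]...[/img] tags in a post body.
function render_img_bbcode(string $post): string
{
    // Escape the whole post first so no raw markup from the user survives.
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');

    $out = preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            // Undo the escaping for validation only; re-escape on output.
            $url = safe_img_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return $m[0]; // rejected: leave the tag as inert, escaped text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );

    // preg_replace_callback returns null on a regex engine error.
    return $out ?? $escaped;
}

// Constructed sample posts: the string from the advisory and an ordinary link.
$samples = [
    "[img]javasCript:alert('Hello world.')[/img]",
    "[img]http://example.com/pics/logo.png[/img]",
];
foreach ($samples as $s) {
    echo render_img_bbcode($s), PHP_EOL;
}
```

A rejected tag is left as escaped text, so the post still shows what the user typed without the value ever reaching a `src` attribute.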
    



    This archive was generated by hypermail 2b30 : Thu Feb 28 2002 - 22:13:22 PST