Input Validation Error in vbulletin 2.2.x

From: Dorin Balanica (dorinat_private)
Date: Sat Dec 07 2002 - 20:01:20 PST

Next message: dong-h0un U: "Remote multiple vulnerability in apt-www-proxy."

Previous message: Colin Watson: "Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug"
In reply to: Fabricio Angeletti: "Cross-site Scripting Vulnerability in phpBB 2.0.3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Description:
---------------
VBulletin discussion forum (http://www.vbulletin.com) does not properly
validate the input for html tag enabled forums, allowing arbitrary
JavaScript code to be run for any access level user.

Prof of concept:
----------------
<b onMouseOver="alert(document.location);">This piece of text could be
dangerous if you were to move your mouse over it!</b>

In action here:
http://www.vbulletin.com/admindemo/showthread.php?threadid=3

Workaround:
-----------
Disable the ability to post messages containing HTML code

Vulnerable Versions:
--------------------
2.2.7
2.2.8

Not vulnerable:
---------------
?

Special thanks
--------------
To Pete Foster <pete@sec-tec.demon.co.uk> for finding the same problem
in phpBB which gave me idea to investigate.

---------------------------------
Dorin Balanica
dorinat_private
Security Officer,
bados.com

Next message: dong-h0un U: "Remote multiple vulnerability in apt-www-proxy."
Previous message: Colin Watson: "Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug"
In reply to: Fabricio Angeletti: "Cross-site Scripting Vulnerability in phpBB 2.0.3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 14:24:51 PST