Description:
---------------
VBulletin discussion forum (http://www.vbulletin.com) does not properly
validate the input for html tag enabled forums, allowing arbitrary
JavaScript code to be run for any access level user.
Prof of concept:
----------------
<b onMouseOver="alert(document.location);">This piece of text could be
dangerous if you were to move your mouse over it!</b>
In action here:
http://www.vbulletin.com/admindemo/showthread.php?threadid=3
Workaround:
-----------
Disable the ability to post messages containing HTML code
Special thanks
--------------
To Pete Foster <pete (at) sec-tec.demon.co (dot) uk [email concealed]> for finding the same problem
in phpBB which gave me idea to investigate.
---------------
VBulletin discussion forum (http://www.vbulletin.com) does not properly
validate the input for html tag enabled forums, allowing arbitrary
JavaScript code to be run for any access level user.
Prof of concept:
----------------
<b onMouseOver="alert(document.location);">This piece of text could be
dangerous if you were to move your mouse over it!</b>
In action here:
http://www.vbulletin.com/admindemo/showthread.php?threadid=3
Workaround:
-----------
Disable the ability to post messages containing HTML code
Vulnerable Versions:
--------------------
2.2.7
2.2.8
Not vulnerable:
---------------
?
Special thanks
--------------
To Pete Foster <pete (at) sec-tec.demon.co (dot) uk [email concealed]> for finding the same problem
in phpBB which gave me idea to investigate.
---------------------------------
Dorin Balanica
dorin (at) bados (dot) com [email concealed]
Security Officer,
bados.com
[ reply ]