BugTraq
Back to list
|
Post reply
Security Advisory: BiTBOARD xss
Jan 12 2005 05:58PM
Martin Heistermann (martin heistermann web de)
Advisory Information
--------------------
Advisory name : BiTBOARD XSS
Discovered by : drhankey / it-security23.net
Vendor Name : the bitshifters sdc
Vendor Homepage : http://www.bitshifters.net
Software : Bitboard
Vulnerability Type : Cross-Site-Scripting
Vulnerable Versions : 2.5 and prior
Platforms : OS Independent, PHP
What is Bitshifters Bitboard?
----------------------------------
Woltlab Burning Board Lite is a free message board using plain text files as database.
Vulnerability Description:
-------------------------
Ii's possible to inject javascript by abusing some kind of bbcode used in the posting system.
Proof of Concept:
-----------------
[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Advisory Information
--------------------
Advisory name : BiTBOARD XSS
Discovered by : drhankey / it-security23.net
Vendor Name : the bitshifters sdc
Vendor Homepage : http://www.bitshifters.net
Software : Bitboard
Vulnerability Type : Cross-Site-Scripting
Vulnerable Versions : 2.5 and prior
Platforms : OS Independent, PHP
What is Bitshifters Bitboard?
----------------------------------
Woltlab Burning Board Lite is a free message board using plain text files as database.
Vulnerability Description:
-------------------------
Ii's possible to inject javascript by abusing some kind of bbcode used in the posting system.
Proof of Concept:
-----------------
[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]
[ reply ]