BugTraq
Software PBLang 4.65 pmpshow.php XSS vulnerability Feb 23 2005 04:36AM
Raven (raven tgs-security com)


[][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG002
[] Friday 11-02-05
[] Software PBLang 4.65 pmpshow.php XSS vulnerability
[]
[] The author can't be held responsible for any damage
[] done by a reader. You have your own responsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

Vulnerable: PBLang 4.65 (current) (and earlier?)


---

General information:

PBLang is an international BBS software package written
in PHP. It does not require a database; it is based on a
flat-file system. It has many professional features. More
info is on the project website.


---

Description:

pmpshow.php shows the PMs a user has received.
However, the body of a received PM is not checked
for harmful characters such as < > and ". An
attacker could steal sessions or do other things with
JavaScript.


---

Proof Of Concept:

Type "<script
language="javascript">alert("Hackerlounge.com pwns
joo");</script>" in the body of the PM you're going to
send a victim. An alert box saying "Hackerlounge.com
pwns joo" should pop up.


---

Fix and Vendor status:

The vendor has been notified and a patch is
"pending".
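
One way to close this class of bug while the vendor patch is pending is to
HTML-encode every user-controlled PM field when it is written to the page.
The PHP below is an added example, not PBLang code or the vendor's fix; the
function names and the message array layout are hypothetical.

```php
<?php
// Added example, not PBLang source. Function names and the $pm array
// layout are hypothetical.

// Encode an untrusted value for HTML text or a quoted attribute.
// ENT_QUOTES covers " and ', ENT_SUBSTITUTE replaces invalid bytes
// instead of returning an empty string.
function pm_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one private message. Stored values stay raw in the flat file;
// encoding happens here, at output, for every user-controlled field.
function render_pm(array $pm): string
{
    $subject = pm_escape($pm['subject'] ?? '');
    $sender  = pm_escape($pm['from'] ?? '');
    // Encode first, then add <br>, so the only markup is our own.
    $body    = nl2br(pm_escape($pm['body'] ?? ''), false);

    return "<div class=\"pm\">\n"
         . "  <h3 title=\"{$subject}\">{$subject}</h3>\n"
         . "  <p class=\"from\">From: {$sender}</p>\n"
         . "  <p class=\"body\">{$body}</p>\n"
         . "</div>\n";
}

// Constructed sample message; the body is the string from the PoC.
$pm = [
    'from'    => 'raven',
    'subject' => 'Re: "test" message',
    'body'    => '<script language="javascript">alert("Hackerlounge.com pwns joo");</script>'
               . "\nsecond line",
];

$html = render_pm($pm);

// Self-check: the input's < > and " must reach the page only as entities.
$checks = [
    'no raw script tag'    => strpos($html, '<script') === false,
    'tag is encoded'       => strpos($html, '&lt;script language=&quot;javascript&quot;&gt;') !== false,
    'attribute quote safe' => strpos($html, 'title="Re: &quot;test&quot; message"') !== false,
    'line break kept'      => strpos($html, "&lt;/script&gt;<br>\nsecond line") !== false,
];
foreach ($checks as $name => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $name . "\n";
}
```

Encoding at output rather than at storage keeps the flat file lossless and
means a field added to the template later is unsafe only if its own
pm_escape() call is forgotten.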


---
