TUCoPS :: Web BBS :: etc :: hack7280.htm

BiTBOARD xss
Security Advisory: BiTBOARD xss



Advisory Information

--------------------

Advisory name		:  BiTBOARD XSS

Discovered by		:  drhankey / it-security23.net

Vendor Name		:  the bitshifters sdc

Vendor Homepage		: http://www.bitshifters.net 

Software		:  Bitboard

Vulnerability Type	:  Cross-Site-Scripting

Vulnerable Versions	:  2.5 and prior

Platforms		:  OS Independent, PHP





What is Bitshifters Bitboard?

----------------------------------

Woltlab Burning Board Lite is a free message board using plain text files as database.





Vulnerability Description:

-------------------------

Ii's possible to inject javascript by abusing some kind of bbcode used in the posting system.



Proof of Concept:

-----------------

[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH