TUCoPS :: HP Unsorted T

TUCoPS :: HP Unsorted T :: bu-2109.htm
There_is_a_Permanent-type_Cross-Site_Vul

=?Windows-1252?Q?There_is_a?= =?Windows-1252?Q?_Permanent?= =?Windows-1252?Q?-type_Cros?= =?Windows-1252?Q?s-Site_Vul?= =?Windows-1252?Q?nerability?= =?Windows-1252?Q?_in_=93Perso?= =?Windows-1252?Q?nal_Signat?= =?Windows-1252?Q?ure=94_in_al?= =?Windows-1252?Q?l_version_?= =?Windows-1252?Q?of_Discuz!?= =?Windows-1252?Q?._It_can_b?= =?Windows-1252?Q?e_written_?= =?Windows-1252?Q?by_the_wor?= =?Windows-1252?Q?m!?= =?Windows-1252?Q?There_is_a?= =?Windows-1252?Q?_Permanent?= =?Windows-1252?Q?-type_Cros?= =?Windows-1252?Q?s-Site_Vul?= =?Windows-1252?Q?nerability?= =?Windows-1252?Q?_in_=93Perso?= =?Windows-1252?Q?nal_Signat?= =?Windows-1252?Q?ure=94_in_al?= =?Windows-1252?Q?l_version_?= =?Windows-1252?Q?of_Discuz!?= =?Windows-1252?Q?._It_can_b?= =?Windows-1252?Q?e_written_?= =?Windows-1252?Q?by_the_wor?= =?Windows-1252?Q?m!?=



There is a Permanent-type Cross-Site Vulnerability in =93Personal Signature=94 in all version of Discuz!. It can be written by the worm!
 
 
Discuz! do not filter the Malicious code when user enter their personal signature=2C attacker can enter the xss code=2C Discuz! will save and run it! It maybe lead the propagation of worm!
 
 
 

For example:
 
we can register an user=2C and enter the xss code to our personal signature! 
 
like:
 
 
 
Vulnerable:  Discuz! <=7.2    all version!
 
 
 
 
Liscker
2010.03.24 		 	   		  
</b></font></pre></tt></body></html>


<!-- google_ad_section_end -->
<p><center>

<p></center>
<center><a href="/firefox.htm">TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).</a></center>
<font size=1><center>Site design & layout copyright © 1986-2024 AOH</font>
</center>
<br><center><IMG SRC="http://artofhacking.com/cgi-bin/sc/sc.cgi?acct=tucops&font=payphone-med"></center>
<p>
</body>
</html>