|
COMMAND XMB Forum Cross Site Scripting security hole SYSTEMS AFFECTED Probably all versions PROBLEM val2 [valdeux@aol.com] found a CSS vulnerability on XMB Forum: when you go to any board EX : http://www.xmbforum.com/community/forumdisplay.php?fid=XX, The board contains, by example, \"new topic\" function. so, it contains this html code : <a href=\"post.php?action=newthread&fid=XX\"> But if we replace [XX] by [\">], it closes the link, and anything could be written after, including malicious javascript code ! EXAMPLE (no risks) : http://www.xmbforum.com/community/forumdisplay.php?fid=21\"><script>alert(document.cookie)</script> ===> shows cookie A hacker could make his own http:/www.blahblah.com/sk/save_cookie.php, and redirect user in order to get cookie ... So, anybody could get cookie (and maybe password) of any brash user ... SOLUTION Nothing yet.