TUCoPS :: Web BBS :: etc :: web5409.htm

XMB Forum Cross Site Scripting security hole
5th Jun 2002 [SBWID-5409]
COMMAND

	XMB Forum Cross Site Scripting security hole

SYSTEMS AFFECTED

	Probably all versions

PROBLEM

	val2 [valdeux@aol.com] found a CSS vulnerability on XMB Forum:
	

	when you go to any board
	

	EX  :   http://www.xmbforum.com/community/forumdisplay.php?fid=XX,   The
	board contains, by example, \"new topic\" function.
	

	so, it contains this html code :
	

	

	  <a href=\"post.php?action=newthread&fid=XX\">

	

	

	But if we replace [XX] by [\">], it closes the link, and  anything  could
	be written after, including malicious javascript code !
	

	EXAMPLE (no risks) :
	

	

	 http://www.xmbforum.com/community/forumdisplay.php?fid=21\"><script>alert(document.cookie)</script>

	

	

	 ===> shows cookie

	

	A hacker could make his  own  http:/www.blahblah.com/sk/save_cookie.php,
	and redirect user in order to get cookie ...
	

	

	So, anybody could get cookie (and maybe password) of any brash user ...

SOLUTION

	Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH