Network Security Bugtraq

Software PBLang 4.65 pm.php XSS vulnerability

Subject: Software PBLang 4.65 pm.php XSS vulnerability
Date: 22 Feb 2005 21:34:16 -0000


 [][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
 []
 [] HRG - Hackerlounge Research Group
 [] Release: HRG003
 [] Friday 11-02-05
 [] Software PBLang 4.65 pm.php XSS vulnerability
 []
 [] The author can't be held responsible for any damage
 [] done by a reader. You have your own responsibility
 [] Please use this document like it's meant to.
 []
 [][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  
 Vulnerable: PBLang 4.65 (current) (and earlier?)  
  
  
 ---  
  
 General information:  
  
 PBLang is an international BBS software package written in PHP. It does not require a database; it is based on a flat-file system and offers many professional features. More information is available on the project website.
  
  
 ---  
  
 Description:  
  
 When a user receives a private message (PM) with HTML in the subject, the HTML is rendered, and any script in it executed, as soon as the user opens pm.php. This may give an attacker the opportunity to steal the user's session. The subject of such a PM is not rendered as a link, which makes viewing the contents of the message harder. An attacker could also flood a user's PM box by sending messages with a title like <script>: the PM will not appear in the receiver's window, while the board will still say he/she has got a new PM.
  
 ---  
  
 Proof Of Concept:  
  
 Type in the subject box "<script language="javascript">alert("Hackerlounge.com pwns joo");</script>" and submit. An alert box with the text "Hackerlounge.com pwns joo" should come up when a user visits pm.php.
  
  
 ---  
  
 Fix and Vendor status:  
  
 Vendor has been notified; expect an official patch soon.
  
  
 ---  
 
Credit: 
 
HRG - Hackerlounge Research Group 
Hackerlounge.com 
  
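The behaviour described in the advisory is what happens when a stored subject is written into the page without HTML encoding. The PHP below is an added example of that pattern and its output-encoding fix; it is not PBLang code and not the vendor's patch, and the function names, the `$pm` array layout and the `read` query parameter are assumptions made for illustration.

```php
<?php
// Added illustration; NOT PBLang source. Function names, the $pm array layout
// and the "read" query parameter are hypothetical stand-ins for an inbox row.

// Vulnerable pattern: the stored subject is written into the page as-is,
// so markup typed into the subject box becomes part of pm.php's HTML.
function render_pm_row_vulnerable(array $pm): string
{
    return '<tr><td><a href="pm.php?read=' . $pm['id'] . '">'
         . $pm['subject'] . '</a></td></tr>';
}

// Hardened pattern: encode for the HTML context at output time.
function render_pm_row_safe(array $pm): string
{
    $subject = trim((string) $pm['subject']);
    if ($subject === '') {
        // Keep the row visible and clickable even when the subject is empty.
        $subject = '(no subject)';
    }
    $text = htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $href = 'pm.php?read=' . rawurlencode((string) $pm['id']);
    return '<tr><td><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
         . '">' . $text . '</a></td></tr>';
}

// Constructed sample rows: the advisory's PoC subject and the bare tag it
// says hides a message from the inbox listing.
$inbox = [
    ['id' => '1', 'subject' => '<script language="javascript">alert("Hackerlounge.com pwns joo");</script>'],
    ['id' => '2', 'subject' => '<script>'],
];

foreach ($inbox as $pm) {
    $before = render_pm_row_vulnerable($pm);
    $after  = render_pm_row_safe($pm);
    // The unencoded row carries the raw tag; the encoded row must not.
    if (stripos($before, '<script') === false || stripos($after, '<script') !== false) {
        throw new RuntimeException('unexpected encoding result for PM ' . $pm['id']);
    }
    echo $after, PHP_EOL; // subject shows as literal text inside a working link
}
```

With encoding applied, both sample subjects display as plain text and remain linked, so the message can still be opened and deleted from the inbox.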

  • Software PBLang 4.65 pm.php XSS vulnerability, Raven <=