Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05)

from [admin] Network Security [Permanent Link]
Subject: WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05)
Date: 24 Apr 2005 15:29:20 -0000 


WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability 

Vendor:  WoltLab
URL:     http://www.woltlab.de/
Version: <= 2.3.1 PL 2
Type:    XSS

Discovered by [R] and deluxe89



Description:
--------------------------------
The WoltLab Burning Board is a high customisable forum software for every kind 
of use.

See [1] for a detailed description.



Cross Site Scripting:
--------------------------------
It's possible to inject malicious code in the "folderid"-variable in pms.php.

/pms.php?folderid=[XSS]



Patch:
--------------------------------
There isn't a patch from the vendor, but you can use htmlspecialchars() to fix 
it.



Visit
--------------------------------
http://www.batznet.com/
http://www.security-project.org/


Vendor contacted.
Greetz to 2lm, reddi, EaTh, Madinfect and darkkilla


[1] http://www.woltlab.de/products/burning_board/index_en.php
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05), admin <=
Previous by Date:  RE: New auto download / install / exploit URL?, Geoff Vass
Next by Date:  remote command execution in ad.cgi script, fireboy fireboy
Previous by Thread:  remote command execution in forum.pl script, fireboy fireboy
Next by Thread:  remote command execution in ad.cgi script, fireboy fireboy
Indexes:  [Date] [Thread] [Top] [All Lists]