AOH :: Web BBS :: etc :: HACK7280.HTM

AOH :: Web BBS :: etc :: HACK7280.HTM
BiTBOARD xss

Security Advisory: BiTBOARD xss Advisory Information -------------------- Advisory name : BiTBOARD XSS Discovered by : drhankey / it-security23.net Vendor Name : the bitshifters sdc Vendor Homepage : http://www.bitshifters.net Software : Bitboard Vulnerability Type : Cross-Site-Scripting Vulnerable Versions : 2.5 and prior Platforms : OS Independent, PHP What is Bitshifters Bitboard? ---------------------------------- Woltlab Burning Board Lite is a free message board using plain text files as database. Vulnerability Description: ------------------------- Ii's possible to inject javascript by abusing some kind of bbcode used in the posting system. Proof of Concept: ----------------- [img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.