
O'Reilly WebBoard 4.10.30: execute arbitrary JavaScript on a remote machine



    O'Reilly WebBoard 4.10.30


    Helmuth Antholzer found the following problem in WebBoard. The board
    has a paging function: user A can send a message to user B, and user
    B gets a JavaScript popup (produced with alert()) containing the
    message from user A. The message is inserted into the string literal
    passed to alert(), and the escaping applied to it can be defeated, so
    user A can close the string and the alert() call early and then
    execute his own JavaScript code on user B's machine.

    Example of a message which executes the attacker's code:

        \');for(i=0;i<100000;i++) alert("not nice"); //

    There is a function that escapes the ' character, but it does not
    escape the backslash. If we send \' ourselves, the ' is escaped a
    second time and the result is \\': the backslash now escapes our
    backslash rather than the quote, so the quote closes the string and
    the alert() call. After that we can put our own code, followed by a
    // comment. The comment is needed because the '); from the original
    alert() call is still there; commenting it out keeps the injected
    script from producing a syntax error.
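    The following is an added example, not WebBoard's own code: a
    hypothetical reconstruction of a quote-only escaper showing why the
    leading backslash in the payload defeats it, next to two corrected
    escapers (backslash-before-quote in the same style, and a JSON string
    literal). The function names, the alert('...') template and the
    reduced loop count are assumptions; the generated script is run with
    alert() replaced by a recorder so the number of calls reveals whether
    the string literal was broken out of.

```javascript
// Added example, not WebBoard's code: hypothetical reconstruction of a
// quote-only escaper, why \' defeats it, and two corrected escapers.
// Function names and the alert('...') template are assumptions.

// Flawed escaper: turns ' into \' but leaves a backslash alone, so the
// attacker's own backslash ends up escaping the inserted one instead.
function escapeQuoteOnly(s) {
  return s.replace(/'/g, "\\'");
}

// Fixed in the same style: escape the backslash first, then the quote,
// so \' becomes \\\' (an escaped backslash followed by an escaped quote).
// Still fragile: a raw newline or </script> in the message breaks it.
function escapeBackslashThenQuote(s) {
  return s.replace(/\\/g, "\\\\").replace(/'/g, "\\'");
}

// Preferred: emit a JSON string literal, which is also a valid JS string
// literal; additionally hex-escape < and the Unicode line separators so
// the result is safe inside an inline <script> block as well.
function escapeForJsLiteral(s) {
  return JSON.stringify(s)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Assumed shape of the paging script: the escaped message is dropped
// into a single-quoted literal inside alert('...');
function buildPagerScript(escaper, message) {
  return "alert('" + escaper(message) + "');";
}

// Same script built from a JSON literal, so no quoting is needed.
function buildPagerScriptSafe(message) {
  return "alert(" + escapeForJsLiteral(message) + ");";
}

// Run the generated script with alert() replaced by a recorder; one
// recorded call means the message stayed inside the literal, more than
// one means the attacker broke out of it.
function runWithStubAlert(script) {
  const calls = [];
  const run = new Function("alert", script);
  run((msg) => calls.push(String(msg)));
  return calls;
}

// The page's payload with the loop count reduced from 100000 to 3
// (constructed sample input).
const PAYLOAD = "\\');for(var i=0;i<3;i++) alert(\"not nice\"); //";

// Recorded alert() calls for each escaper on the same payload.
function demo() {
  return {
    flawed: runWithStubAlert(buildPagerScript(escapeQuoteOnly, PAYLOAD)),
    ordered: runWithStubAlert(buildPagerScript(escapeBackslashThenQuote, PAYLOAD)),
    json: runWithStubAlert(buildPagerScriptSafe(PAYLOAD)),
  };
}
```

    With the flawed escaper the recorder sees four calls (one alert
    showing a lone backslash, then three "not nice" alerts); with either
    corrected escaper it sees exactly one call whose text is the payload
    itself. Escaping the backslash before the quote is the minimal fix,
    but building the literal with JSON.stringify is the robust choice
    because it handles every character that can terminate or alter a JS
    string literal, not just the one the original author thought of.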


    No fix or workaround is available yet.
