
O'Reilly WebBoard 4.10.30 execute arbitrary javascript on remote machine



Vulnerability

    WebBoard

Affected

    O'Reilly WebBoard 4.10.30

Description

    Helmuth Antholzer found the following problem in WebBoard. The Board
    has a paging function: user A can send a message to user B, and user
    B gets a JavaScript popup (produced with alert()) containing the
    message from user A. The problem is that user A can close the string
    inside the alert() call and so execute his own JavaScript code on
    user B's machine.

    Example of a message which executes my code:

        \');for(i=0;i<100000;i++) alert("not nice"); //

    There is a function that escapes the ' character, but if we escape it
    ourselves it gets escaped a second time ... the effect is that the \
    we supplied escapes the \ the function inserts, the ' stays live, and
    the string in the alert() call is closed. So after that we can put
    our code!

    // (comment) this comment is needed because there is still a ')
    left over from the alert; with the help of the comment this does not
    produce an error.

Solution

    Nothing yet.

