Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: web5441.htm

Splatt Forum cross site scripting vulnerability
14th Jun 2002 [SBWID-5441]

	Splatt Forum cross site scripting vulnerability


	Splatt Forum 3.0


	MegaHz [] found following:


	Splatt forum uses a user provided string (through the [IMG] tag) in  the
	following HTML tag:

	<img src=\"$user_provided\" border=\"0\" />



	While there is a check to force the string to begin with \"http://\"  it
	doesn\'t disallow the symbol: \". This means that a malicious  user  can
	escape the src=\"\" in the HTML tag and insert his own HTML  code.  This
	same problem also exists in the remote avatar part of the user profile.





	Enter the following anywhere in a message:




	After that, anyone reading the message  should  see  a  popup  with  his





	Malicious  users  can  steal  other  users\'  and  the  administrator\'s
	cookies. This would allow the attacker to  impersonate  other  users  on
	the board and access to the administration panel.


	Upgrade to the latest version of Splatt (version 3.1).  Download  splatt




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH