Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Open Bulletin Board javascript bug.
From: "Nate Pinchot" <npinchot () ccservice cc>
Date: Thu, 28 Feb 2002 09:07:00 -0500

  OpenBB is free php-based forum.  

  Exploit:
  [img]javasCript:alert('Hello world.')[/img]

  Vulnerable systems:
  All versions of Open Bulletin Board including v.1.0.0 

  Immune systems:
  None

  Solution:
  All url's in [img] tags should start with "http://"; 

I had actually informed them about this bug a long time ago and
they informed me they were working on a patch. This was 2 months
ago. Since you posted this to bugtraq they finally released a patch.
The patch can be found here:
http://community.iansoft.net/read.php?TID=5159

For any who care about the technical details of the patch,  they did
NOT filter [img] tags so that they start with http:// as suggested. They
filtered javascript: and some other hex codes. Chances are it is still
vulnerable, and I informed them of this, they don't seem to care.


  By Date           By Thread  

Current thread:
  • RE: Open Bulletin Board javascript bug. Nate Pinchot (Mar 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]