Bugtraq mailing list archives

ZH2003-15SA (security advisory): IdealBB XSS Vulnerability
From: G00db0y <G00db0y () zone-h org>
Date: 8 Aug 2003 12:47:41 -0000

ZH2003-15SA (security advisory): IdealBB XSS Vulnerability

Published: 7 August 2003

Released: 7 August 2003

Name: IdealBB 

Affected Systems: 1.4.9 beta

Issue: Remote attackers can inject XSS script

Author: G00db0y () zone-h org

Vendor: http://www.idealbb.com



Zone-h Security Team has discovered a flaw in
IdealBB 1.4.9 (and older versions?). "The Ideal Bulletin Board
(Ideal BB) is a powerful, scalable, and very user friendly
bulletin board program that utilizes SQL server on the backend
and ASP and COM on the front end."


error.asp, which is supposed to handle error messages, seems to be unfiltered
against Cross-Site Scripting, which allows any attacker to inject XSS.





The vendor has been contacted and a patch was produced.



Filter the script

G00db0y - www.zone-h.org admin

Original advisory here: http://www.zone-h.org/en/advisories/read/id=2838/
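
One way to apply the "filter the script" advice in a classic ASP error page, shown as an added example that is not IdealBB's code or the vendor's patch. The `msg` query parameter, the sub names and the 200-character cap are assumptions, since the advisory does not name the affected parameter.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example, not IdealBB source. "msg" is a hypothetical parameter name.

' Vulnerable pattern: the request value is written into the page as-is,
' so markup placed in the URL is interpreted by the visitor's browser.
Sub WriteErrorUnsafe(text)
    Response.Write "<p class=""error"">" & text & "</p>"
End Sub

' Hardened pattern: bound the length, then HTML-encode on output so
' <, >, & and " are rendered as text instead of markup.
Sub WriteErrorSafe(text)
    Dim s
    s = CStr(text)
    If Len(s) > 200 Then s = Left(s, 200)   ' assumed cap for an error string
    Response.Write "<p class=""error"">" & Server.HTMLEncode(s) & "</p>"
End Sub

Dim msg
msg = "" & Request.QueryString("msg")   ' force a plain string, "" if absent
Response.Charset = "utf-8"              ' declare the page encoding explicitly
WriteErrorSafe msg
%>
```

Encoding at the point of output covers every caller of the error page, which is why it is preferred over stripping selected tags from the input.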
