邪恶八进制信息安全团队技术讨论组's Archiver

EvilOctal 2005-1-14 01:05

[转载]Security Advisory BiTBOARD xss

信息来源:[url]www.securityfocus.com[/url]

Advisory Information
--------------------
Advisory name : BiTBOARD XSS
Discovered by : drhankey / it-security23.net
Vendor Name : the bitshifters sdc
Vendor Homepage : [url]http://www.bitshifters.net[/url]
Software : Bitboard
Vulnerability Type : Cross-Site-Scripting
Vulnerable Versions : 2.5 and prior
Platforms : OS Independent, PHP


What is Bitshifters Bitboard?
----------------------------------
Woltlab Burning Board Lite is a free message board using plain text files as database.


Vulnerability Description:
-------------------------
Ii's possible to inject javascript by abusing some kind of bbcode used in the posting
system.

Proof of Concept:
-----------------
[code][img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img][/code]

页: [1]
© 1999-2008 EvilOctal Security Team