SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Forum/Board/Portal)  >   WoltLab Burning Board (wBB) Vendors:   Woltlab
WoltLab Burning Board PHP-based Forum Software Has Input Filtering Flaws That Allow Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1004139
SecurityTracker URL:  http://securitytracker.com/id/1004139
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 24 2002
Impact:   Disclosure of authentication information, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.1.0 and prior versions
Description:   Several vulnerabilities were reported in WoltLab Burning Board (wBB). A remote user can conduct cross-site scripting attacks against forum users to gain access to user and administrator accounts on the system.

It is reported that a remote user can submit a message to the forum containing JavaScript inside a bbcode image tag ('[img]'), because the bulletin board does not filter scripting code from the URL it places in the image tag. The following is an example of JavaScript that will not be filtered:

[img]javascript:alert('XSS')[/img]

Then, when a target (victim) wBB user views the message containing the malicious image tag, the JavaScript is executed by the target user's browser. Because the code is served from the site running wBB, it runs in the security context of that site. As a result, it can read the target user's cookies for the site and send them to a remote site.

Once a remote user has obtained the authentication cookies of another wBB user, the remote user can gain access to that user's account by accessing the wBB site and sending the authentication cookies to the server.
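As an added illustration of the missing filtering described above (this is example code written for this entry, not code from wBB or from the original report), the following Python bbcode renderer accepts only http/https image URLs and turns anything else, including the '[img]javascript:...[/img]' payload, into inert escaped text. The function names are chosen here and do not correspond to wBB internals.

```python
import html
import re
from urllib.parse import urlsplit

# Only these URL schemes may ever end up in a rendered <img src="...">.
ALLOWED_SCHEMES = {"http", "https"}
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def safe_image_url(raw):
    """Return the URL if its scheme is allowed, otherwise None.

    Whitespace and control characters are removed before the scheme is
    examined, because browsers tolerate them inside a scheme name (for
    example 'java\\tscript:'), so a plain prefix check could be bypassed.
    """
    cleaned = "".join(c for c in raw if c.isprintable() and not c.isspace())
    if not cleaned:
        return None
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # malformed URL (e.g. bad IPv6 literal): reject
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return cleaned


def render_bbcode(text):
    """Convert [img] tags to <img>; all other text is HTML-escaped."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = safe_image_url(m.group(1))
        if url is None:
            # Not a fetchable http(s) image: show the tag as inert text.
            out.append(html.escape(m.group(0)))
        else:
            # Attribute value is escaped so quotes cannot break out of src.
            out.append('<img src="%s" alt="">' % html.escape(url, quote=True))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)
```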

For more information, see the original report (French language):

http://www.ifrance.com/kitetoua/tuto/wbboard.txt

Impact:   A remote user can cause arbitrary JavaScript to be executed in another wBB user's browser to steal that user's wBB authentication cookies. The remote user can then access the wBB user's account.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.woltlab.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


Source Message Contents

Subject:  Security holes in WoltLab Burning Board

Product :
WoltLab Burning Board
http://www.woltlab.de

Versions :
1.1.0 and earlier

Problems :
- XSS
- Access to users/admins accounts

More details in French:
http://www.ifrance.com/kitetoua/tuto/wbboard.txt

Translated by Google:
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2Fwbboard.txt&langpair=fr%7Cen&hl=en&prev=%2Flanguage_tools

frog-m@n

Copyright 2019, SecurityGlobal.net LLC