SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Forum/Board/Portal)  >   WoltLab Burning Board (wBB) Vendors:   Woltlab
WoltLab Burning Board Input Validation Bug in 'wiw.php' Lets Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1006083
SecurityTracker URL:  http://securitytracker.com/id/1006083
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 12 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): wBB2; 2.0, 2.0.1, 2.0.2
Description:   Hendrik Richter reported an input validation vulnerability in the WoltLab Burning Board (wBB) forum software. A remote user can conduct cross-site scripting attacks against wBB users.

It is reported that the 'wiw.php' script does not properly filter user-supplied input in the 'sortby' and 'order' parameters to remove HTML code.

A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the wBB 2 forum software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL is provided:

/board/wiw.php?sid=&order=%22%3E%3Cscript%20type=%22text/javascript%22%3Ealert(document.cookie);%3C/script%3E%3Cb%20%22

The vendor has reportedly been notified.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running wBB 2, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No vendor solution was available at the time of this entry.

The author of the report has indicated that, as a workaround, you can disable automatic refresh in wiw.php by using the Admin Control Panel (ACP).

Vendor URL:  www.woltlab.de/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Fix) Re: WoltLab Burning Board Input Validation Bug in 'wiw.php' Lets Remote Users Conduct Cross-Site Scripting Attacks
The vendor has issued a fix.



 Source Message Contents

Subject:  Woltlab Burning Board allows users to insert dangerous JavaScript



Hallo,

I've found a bug in Woltlab's Burning Board, the programmers are also informed:

----------------------------------------------------------------------
Woltlab Burning Board allows users to insert dangerous JavaScript

Impact:  Disclosure of authentication information, Disclosure of user information, Execution of
arbitrary code via network, Modification of user information, User access via network, etc.

Exploit Included:  Yes  

Version(s): wBB 2: Betas, RCs, 2.0, 2.0.1, 2.0.2

Description:  An input validation vulnerability was reported in Woltlab Burning Board. A remote user
can conduct cross-site scripting attacks against wBB users in wiw.php. Woltab failes to filter
$_GET['sortby'] and $_GET['order'] from JavaScript-Code.

A demonstration exploit tag is provided:
Browse ton URI
/board/wiw.php?sid=&order=%22%3E%3Cscript%20type=%22text/javascript%22%3Ealert(document.cookie);%3C/script%3E%3Cb%20%22

Solution:  Disable automatic refresh in wiw.php (use the ACP)

Vendor URL:  www.woltlab.de/ (Links to External Site)

Cause:  Input validation error

Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Reported By:  "Hendrik Richter" <info@naggel.com>

Message History:   None. 
----------------------------------------------------------------------

Sincerly,

Hendrik Richter


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC