SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   vBulletin Vendors:   Jelsoft Enterprises
(Vendor Issues Fix) Re: vBulletin Input Validation Hole in Private Message Preview Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1006761
SecurityTracker URL:  http://securitytracker.com/id/1006761
CVE Reference:   CVE-2003-0295   (Links to External Site)
Updated:  Feb 28 2004
Original Entry Date:  May 15 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0.0 Beta 2
Description:   An input validation vulnerability was reported in vBulletin in the previewing of private messages. A remote user can conduct cross-site scripting attacks.

It is reported that the 'private.php' script does not properly filter user-supplied input. A remote user can create a specially crafted web form or URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the vBulletin and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The report indicates that the target user may be required to be currently logged in for the exploit to work.

A demonstration exploit web form is provided in the Source Message.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running vBulletin, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has released a fix. According to the vendor, the affected version (vBulletin 3) is still in the private beta phase and is not yet publicly available. The fix is available to customers that are part of the private beta test.
Vendor URL:  www.vbulletin.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
May 15 2003 vBulletin Input Validation Hole in Private Message Preview Permits Cross-Site Scripting Attacks



 Source Message Contents

Subject:  Re: VBulletin Preview Message - XSS Vuln


In-Reply-To: <004b01c319f8$c76cdc90$0b6aaec3@SS>

>Message-ID: <004b01c319f8$c76cdc90$0b6aaec3@SS>
>From: "Ferruh Mavituna" <ferruh@mavituna.com>
>To: <bugtraq@securityfocus.com>
>Subject: VBulletin Preview Message - XSS Vuln
>Date: Wed, 14 May 2003 12:11:11 +0300

>------------------------------------------------------
>VBulletin Private Message "Preview Message" XSS Vulnerability
>------------------------------------------------------
>Any kind of XSS attacks possibility.
>
>------------------------------------------------------
>Vendor Status;
>------------------------------------------------------
>I can not contact vendor for this issue ! No patch available at the 
moment;

This bug was fixed within ten minutes of our being told about this report.

As for claims that the reporter was unable to contact us, I am rather 
surprised - we have scoured our support ticket system which accepts all 
email for @vbulletin.com and found nothing, we have all checked our own 
email and found nothing, so I'm not sure how hard the reporter tried to 
contact us in actual fact.

vBulletin 3 is not yet in public beta, so the number of sites affected 
will be extremely small, and in any case the fixed version is available 
for those customers who are part of the private beta to download.

Kier Darby
Product Manager, vBulletin

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC