From: Dorin Balanica (dorin_at_bados.com)
Date: Sat Dec 07 2002 - 22:01:20 CST

    Description:
    ---------------
    VBulletin discussion forum (http://www.vbulletin.com) does not properly
    validate the input for html tag enabled forums, allowing arbitrary
    JavaScript code to be run for any access level user.

    Proof of concept:
    -----------------
    <b onMouseOver="alert(document.location);">This piece of text could be
    dangerous if you were to move your mouse over it!</b>

    In action here:
    http://www.vbulletin.com/admindemo/showthread.php?threadid=3

    Workaround:
    -----------
    Disable the ability to post messages containing HTML code

    Vulnerable Versions:
    --------------------
    2.2.7
    2.2.8

    Not vulnerable:
    ---------------
    ?

    Special thanks
    --------------
    To Pete Foster <petesec-tec.demon.co.uk> for finding the same problem
    in phpBB, which gave me the idea to investigate.

    ---------------------------------
    Dorin Balanica
    dorinbados.com
    Security Officer,
    bados.com
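
An added example, not part of the original advisory and not vBulletin's code: a minimal allow-list filter for HTML-enabled posts, written in Python with the standard-library parser, showing the input validation whose absence the advisory describes. The policy (`ALLOWED_TAGS`, `ALLOWED_ATTRS`, `SAFE_SCHEMES`) and the names `ForumSanitizer` and `sanitize` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this sketch: a few formatting tags, and no attributes
# at all except href on <a> when it uses an http(s) scheme.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br", "a"}
VOID_TAGS = {"br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")


class ForumSanitizer(HTMLParser):
    """Re-serialises a post, keeping only allow-listed tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []  # (tag, attribute) pairs removed, for logging

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names, so onMouseOver arrives as onmouseover.
        if tag not in ALLOWED_TAGS:
            self.dropped.append((tag, None))
            return
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name in ALLOWED_ATTRS.get(tag, ()) and value.lower().startswith(SAFE_SCHEMES):
                kept.append(f' {name}="{escape(value, quote=True)}"')
            else:
                self.dropped.append((tag, name))
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is always re-escaped; comments are dropped by the base class.
        self.out.append(escape(data, quote=False))


def sanitize(post_html):
    """Return (clean_html, dropped) for one submitted post body."""
    parser = ForumSanitizer()
    parser.feed(post_html)
    parser.close()
    return "".join(parser.out), parser.dropped
```

The filter does not balance unclosed tags, and the `dropped` list is meant to be logged so moderators can see which posts carried stripped attributes.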