[UNIX] Multiple Vulnerabilities in PostBoard
From: support@securiteam.com Date: 04/17/02
From: support@securiteam.com To: list@securiteam.com Date: Wed, 17 Apr 2002 12:06:51 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Multiple Vulnerabilities in PostBoard
------------------------------------------------------------------------
SUMMARY
PostBoard (http://www.nukeaddon.com) is an add-on module for the PostNuke
content management system that implements a forum system. Several security
vulnerabilities have been found in the product: two cross-site scripting
issues and one CPU and database corruption vulnerability.
DETAILS
BBCode IMG tag cross-site scripting
PostBoard uses the common BBCode markup system, whose tags are similar to
HTML. The [IMG] tag will accept any source, including a javascript: URI.
For example:
[IMG]javascript:alert('give me cookies');[/IMG]
The above JavaScript will be executed on the victim's machine when the
victim views a message that contains it.
Topic title cross-site scripting
When adding a new topic to a forum, a user enters a title for the new
topic. The topic title can contain any valid HTML code, including <script>
tags. For example, you can create a topic with the following title, and the
script will be executed when someone views the list of topics in a forum:
<script>alert('give me cookies');</script>
BBCode encoding problems
A recent advisory from Whitecell
(http://www.securiteam.com/unixfocus/5EP001P6VA.html) exposed
vulnerabilities in phpBB's handling of nested BBCode tags that would lead
to database corruption and high CPU usage. PostBoard appears to use the
same code as phpBB for encoding BBCode tags to HTML. It would be fair to
assume that PostBoard suffers from the same problems as phpBB in this
regard.
Vendor status:
The vendor was notified of the Whitecell advisory on the 7th of April. The
vendor was notified of the first two problems on the 8th of April.
A reply was received on the 9th stating that fixes would be available in
the next version. No date was given.
Workarounds:
The only practical workaround for these problems is to remove PostBoard
from your site, or deny access to it until a fix is released.
Alternatively, you can try to patch it yourself.
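A sketch of how such a patch could treat the two cross-site scripting
inputs described above. This is an added example, not PostBoard or phpBB
code: the function names are hypothetical, and the nested BBCode problem is
not covered.

```php
<?php
// Added example: hypothetical helpers, not PostBoard or phpBB code.

// Escape a topic title at output time so markup in it is shown as text.
function render_topic_title(string $title): string
{
    return htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}

// Accept only absolute http(s) URLs that have a host and contain no
// whitespace, control characters, quotes or angle brackets.
function is_safe_img_url(string $url): bool
{
    if (preg_match('/[\x00-\x20\x7f"\'<>]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return $scheme === 'http' || $scheme === 'https';
}

// Escape the whole post first, then turn [IMG]...[/IMG] into <img> only when
// the URL passes the allowlist; rejected tags stay as escaped literal text.
function render_post_body(string $body): string
{
    $escaped = htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#i',
        function (array $m): string {
            // Undo the escaping for validation only, then re-escape for output.
            $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            if (!is_safe_img_url($url)) {
                return $m[0];
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );
}

// Constructed inputs: the advisory's two examples plus one benign URL.
echo render_topic_title("<script>alert('give me cookies');</script>"), "\n";
echo render_post_body("[IMG]javascript:alert('give me cookies');[/IMG]"), "\n";
echo render_post_body("[IMG]http://example.com/a.png[/IMG]"), "\n";
```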
ADDITIONAL INFORMATION
The information has been provided by gcsb <gcsbnz@yahoo.com>.