[NEWS] Cross Site Scripting in OneCenter Forum

support_at_securiteam.com
Date: 04/28/03

Next message: support_at_securiteam.com: "[EXPL] PoPToP PPTP Server Remote Exploit Code Released"

Previous message: support_at_securiteam.com: "[UNIX] Multiple Vulnerabilities Found in phpSysInfo"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 28 Apr 2003 15:59:56 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

In the US?

Contact Beyond Security at our new California office
housewarming rates on automated network vulnerability
scanning. We also welcome ISPs and other resellers!

Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
- - - - - - - - -

Cross Site Scripting in OneCenter Forum
------------------------------------------------------------------------

SUMMARY

<http://forum.onecenter.com/> OneCenter offers a free discussion forum
hosted in the company's servers (forum.onecenter.com). Any user in the
forum is identified by a cookie that contains nick, name, mail address,
and password. A cross-site scripting vulnerability allows remote attackers
to grab users' sensitive information.

DETAILS

Vulnerable systems:
* OneCenter forum version 4.0

This information can be easily obtained as you can add in your posts the
img html tag with a custom script as follows:
<img src=javascript:alert(document.cookie);>

To impersonate any user in the forum (OneCenter administrators would be a
good choice) you just have to build a cookie like the one obtained and
visit the forum.

ADDITIONAL INFORMATION

The information has been provided by <mailto:conde0@telefonica.net> David
F. Madrid.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Next message: support_at_securiteam.com: "[EXPL] PoPToP PPTP Server Remote Exploit Code Released"

Previous message: support_at_securiteam.com: "[UNIX] Multiple Vulnerabilities Found in phpSysInfo"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-disclosure] iDefense Security Advisory 06.12.07: YaBB Forum member.vars CRLF Injection Pri
... YaBB Forum member.vars CRLF Injection Privilege Escalation Vulnerability ... their privileges to that of the forum Administrator. ... iDefense confirmed the existence of this vulnerability within version ...
(Full-Disclosure)
[Full-disclosure] Ultimate Forum Password Database Vulnerability
... " Ultimate Forum Password Database Vulnerability " ... The application has stored database for Administration on the directory called ... EncryptUserID = CryptText ...
(Full-Disclosure)
Re: It seems every firewall is slagged as snake oil. So how should it be done?
... It use to be on the ZA forum. ... There is a chance I am slightly off a tad. ... It exploited a vulnerability in Windows' RPC service. ...
(comp.security.firewalls)
[Full-disclosure] (no subject)
... This was initially posted on Ofbiz JIRA issue ... Repeating the vulnerability is straight forward: ... Log in and browse to forum (with default install you will see Browse ...
(Full-Disclosure)