[XSS] paBox 1.6

From: Rift (Sean_at_Sage-web.com)
Date: 03/03/05

  • Next message: Conectiva Updates: "[CLA-2005:928] Conectiva Security Announcement - clamav"
    Date: 3 Mar 2005 09:52:11 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Just wanted to let it be known seeing as i havent seen any info on this yet, ive discovered a cross scripting problem in PABox 1.6

    http://phpnuke.org/modules.php?name=News&file=article&sid=5065

    they give a demo page of pabox there. if you take the default form used for the shoutbox, there are always two parameters marked as hidden:

    <input type="hidden" name="date"...
    and
    <input type="hidden" name="time"...

    you can easily extract the form from anysite's pabox and change the date value to "text" and inject scripting code into it.. for example

    <h1><marquee>&lt;script&gt;document.write(document.cookie);&lt;/script&gt;</marquee></h1><noscript>

    obviously your code can be modified to do anything of your liking.


  • Next message: Conectiva Updates: "[CLA-2005:928] Conectiva Security Announcement - clamav"