[KAPDA::#12] - ekinboard XSS and HTML Injection

From: alireza hassani (trueend5_at_yahoo.com)
Date: 11/14/05

  • Next message: security-alert_at_hp.com: "[security bulletin] HPSBUX02075 SSRT051074 - HP-UX Running xterm Local Unauthorized Access"
    Date: Mon, 14 Nov 2005 06:11:09 -0800 (PST)
    To: bugtraq@securityfocus.com
    
    

    [KAPDA::#12] - ekinboard XSS and HTML Injection
    KAPDA New advisory
    Vendor: http://www.ekinboard.com
    Vulnerable Version: 1.0.3
    Bug: XSS and HTML Injection
    Exploitation: Remote with browser
    Description:
    --------------------
    ekinboard is an open source forum software designed
    and programmed by ekindesigns. It is constantly being
    updated and is always getting easier to use!

    Vulnerability:
    --------------------
    HTML Injection: The software does not properly filter
    HTML tags in post titles that may allow a remote user
    to inject HTML/javascript codes. The hostile code may
    be rendered in the web browser of the victim user who
    will visit the board (persistent).
    XSS:
    XSS Vulnerability in 'profile.php' "user rating" that
    may allow a remote user to launch cross-site scripting
    attacks.
    This issue could permit a remote attacker to create a
    malicious URI link that includes hostile HTML and
    script code. If this link were to be followed, the
    hostile code may be rendered in the web browser of the
    victim user. This would occur in the security context
    of the affected Web site.(victim must be logged in to
    enable rating)
    Demonstration URL :
    --------------------
    http://localhost/ekinboard/profile.php?id=2'%3E%3CIFRAME%20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E
    Solution:
    --------------------
    There is no vendor-supplied patch for this issue at
    this time.

    More Detail:
    --------------------
    http://irannetjob.com/content/view/162/28/
    Credit :
    --------------------
    Discovered & released by trueend5 (trueend5 kapda ir)
    Security Science Researchers Institute Of Iran
    [http://www.KAPDA.ir]

                    
    __________________________________
    Yahoo! FareChase: Search multiple travel sites in one click.
    http://farechase.yahoo.com


  • Next message: security-alert_at_hp.com: "[security bulletin] HPSBUX02075 SSRT051074 - HP-UX Running xterm Local Unauthorized Access"

    Relevant Pages

    • [KAPDA::#19] - Html Injection in vBulletin 3.5.2
      ... Html Injection (Second order cross site ... Exploitation: Remote with browser ... The hostile code will be rendered in the web browser ...
      (Bugtraq)
    • [KAPDA::#14] - PHPPost XSS and HTML Injection
      ... Exploitation: Remote with browser ... HTML Injection: The software does not properly filter ... HTML tags in post subject that may allow a remote user ... XSS Vulnerability in 'profile.php' & 'mail.php' that ...
      (Bugtraq)
    • [Full-disclosure] Orkut Multiple Cross Site Scripting Vulnerabilities
      ... Orkut Multiple Cross Site Scripting Vulnerabilities ... Vulnerability Discovered: November 18th 2006 ... A remote attacker can craft a GET request with the XSS payload as ... info, hardware Info, modification of page or html injection, url ...
      (Full-Disclosure)
    • [VulnWatch] Orkut Multiple Cross Site Scripting Vulnerabilities
      ... Orkut Multiple Cross Site Scripting Vulnerabilities ... Vulnerability Discovered: November 18th 2006 ... A remote attacker can craft a GET request with the XSS payload as ... info, hardware Info, modification of page or html injection, url ...
      (VulnWatch)