by r0t,der4444,cembo,VietMafia

Friday, December 16, 2005

Binary Board System XSS vuln.


Vuln. discovered by: r0t
Date: 16 dec. 2005
vendor: http://binary-concepts.com/cgi/bbs/
affected version: 0.2.5 and prior

Product Description:

The Binary Board System (BBS) is a complete Perl/SQL bulletin board solution. Its features include a complete user login system, a multi-board interface with easy administration and categorization, and ease of customization that sets it apart from the rest.



Vuln. Description:

Binary Board System contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "inreplyto", "article", "branch", "board" and "user" parameters and to the search module parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.



examples:

/reply.pl?board=1&article=81&inreplyto=[XSS]&[member]=yes

/reply.pl?board=1&article=[XSS]&inreplyto=0&[member]=yes

/reply.pl?board=[XSS]&article=81&inreplyto=&[member]=yes

/stats.pl?action=branchdetail&branch=[XSS]&view=posts&[member]=yes

/stats.pl?action=boarddetail&board=[XSS]&view=posts&[member]=yes

/stats.pl?action=userdetail&user=[XSS]&view=posts&[member]=yes

/toc.pl?board=[XSS]&[member]=yes


Solution:
Edit the source code to ensure that input is properly sanitised.
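
One way to apply this fix, as an added example that is not Binary Board System code: reject non-numeric values for parameters assumed to be numeric ids (board, article, inreplyto, as the sample URLs suggest) and HTML-encode free-text values such as user at the point they are written into the page. The helper names html_escape and numeric_id and the sample parameter values are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: input validation plus HTML output encoding for reflected
# parameters. Parameter types are assumptions; this is not BBS source code.
use strict;
use warnings;

# Encode the five characters that are significant in HTML text and in
# quoted attribute values.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Assumed numeric ids: accept 1 to 9 digits only. Anything else (including
# an empty value) returns undef so the caller can reject or default it.
sub numeric_id {
    my ($v) = @_;
    return (defined $v && $v =~ /\A[0-9]{1,9}\z/) ? $v + 0 : undef;
}

# Constructed sample request parameters (not taken from a real request).
my %param = (
    board     => '1',
    article   => '81',
    inreplyto => '"><b>x</b>',
    user      => '<b>guest</b> & "friends"',
);

for my $name (qw(board article inreplyto)) {
    my $id = numeric_id($param{$name});
    if (defined $id) {
        print "$name accepted: $id\n";
    } else {
        print "$name rejected: not a numeric id\n";
    }
}

# Free-text values are encoded where they are emitted, here inside a
# double-quoted attribute.
printf qq{<input type="hidden" name="user" value="%s">\n},
    html_escape($param{user});
```

Encoding at output time matters even when input is validated, because values stored earlier (such as user names) may be echoed by other scripts like stats.pl.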

Copyright (c) 2006 Pridels Sec Crew