BiTBOARD IMG BBCode Tag JavaScript Injection Vulnerability
BID:12248
Info
| Bugtraq ID: | 12248 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 12 2005 12:00AM |
| Updated: | Jan 12 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Martin Heistermann <[email protected]>. |
| Vulnerable: | BiTSHiFTERS BiTBOARD 2.5, BiTSHiFTERS BiTBOARD 2.0 |
| Not Vulnerable: | |
Discussion
BiTBOARD is reported to be prone to a JavaScript injection vulnerability: the contents of the BBCode 'IMG' tag are reportedly not sufficiently sanitized of script content before being rendered as HTML.
Injected code may be rendered in the web browser of a user who views the affected areas of the site, and would execute in the security context of the site hosting BiTBOARD.
Exploit / POC
The following example is available:
[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]
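As an added illustration that is not BiTBOARD's code and not part of the original advisory: a constructed Python renderer for the BBCode IMG tag written in the naive form the advisory describes (tag body dropped straight into the src attribute), beside a hardened version that allowlists the tag body and HTML-escapes it before it becomes an attribute. A small helper built on the standard-library HTMLParser reports which on* attributes a browser would actually see in the output. The payload string is the advisory's own proof of concept; the benign URL, the allowlist pattern and all function names are assumptions.

```python
import html
import re
from html.parser import HTMLParser

# Matches [img]...[/img] (case-insensitive); the body is group 1.
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def render_img_naive(text: str) -> str:
    """Vulnerable pattern, constructed for illustration (not BiTBOARD's code):
    the tag body is substituted into a single-quoted src attribute without
    validation or escaping, so a quote in the body ends the attribute and
    whatever follows is parsed as further attributes."""
    return IMG_TAG.sub(lambda m: f"<img src='{m.group(1)}'>", text)


# Assumed allowlist for a tag body: an optional http(s) scheme followed only by
# characters that are legal in a path/query. Quotes, whitespace, angle brackets
# and other schemes never match, so they can never reach the attribute.
SAFE_SRC = re.compile(r"^(?:https?://)?[A-Za-z0-9._~\-/%?=&+#]+$")


def render_img_hardened(text: str) -> str:
    """Hardened renderer: the body must pass the allowlist, and is then
    HTML-escaped (quotes included) before being placed in a double-quoted
    attribute. A body that fails validation is emitted as escaped text, so the
    reader sees the raw BBCode rather than a tag."""
    def replace(m: re.Match) -> str:
        body = m.group(1).strip()
        if not SAFE_SRC.fullmatch(body):
            return html.escape(m.group(0), quote=True)
        return f'<img src="{html.escape(body, quote=True)}" alt="">'
    return IMG_TAG.sub(replace, text)


class _AttrCollector(HTMLParser):
    """Collects attribute names from every start tag the parser encounters."""
    def __init__(self) -> None:
        super().__init__()
        self.attrs: list[str] = []

    def handle_starttag(self, tag: str, attrs: list) -> None:
        # HTMLParser already lowercases attribute names.
        self.attrs.extend(name for name, _ in attrs)


def event_handler_attributes(rendered: str) -> list[str]:
    """Return the on* attributes a browser would see in rendered markup.
    Useful as a regression check on a renderer's output: the list must be
    empty for every input, whatever the tag body contained."""
    parser = _AttrCollector()
    parser.feed(rendered)
    parser.close()
    return [a for a in parser.attrs if a.startswith("on")]


# Constructed inputs: the advisory's proof-of-concept tag and a benign tag
# (example.invalid is a reserved name, not a real host).
POC = "[img]path/to/some/image' onMouseover='alert(\"hehehe... insecure\");[/img]"
BENIGN = "[img]http://example.invalid/pic.png[/img]"

if __name__ == "__main__":
    for label, fn in (("naive", render_img_naive), ("hardened", render_img_hardened)):
        out = fn(POC)
        print(f"{label}: {out}")
        print(f"  event handlers seen by a browser: {event_handler_attributes(out)}")
```

Running the block shows the naive renderer emitting an img tag that carries an onmouseover attribute, while the hardened renderer emits no tag at all for the proof-of-concept body and a clean double-quoted tag for the benign URL. The design choice worth noting is the order of operations: validate first against an allowlist (so only URL-shaped bodies are ever accepted), then escape what was accepted; escaping alone would still let a body that merely looked odd through, and validation alone would trust the regex to be perfect.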
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
References:
- BiTBOARD Homepage (BiTSHiFTERS)
- Security Advisory: BiTBOARD xss (Martin Heistermann)