PBLang Bulletin Board System PMPShow.PHP HTML Injection Vulnerability
BID:12633
Info
| Bugtraq ID: | 12633 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2005 12:00AM |
| Updated: | Feb 23 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to HRG - Hackerlounge Research Group. |
| Vulnerable: | PBLang PBLang 4.65 |
| Not Vulnerable: | |
Discussion
PBLang is reportedly affected by an HTML injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input.
The attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user. Other attacks are also possible.
This issue was reported to affect PBLang 4.65; earlier versions may also be vulnerable.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- PBLang Forum Homepage (PBLang)
- Software PBLang 4.65 pmpshow.php XSS vulnerability (HRG - Hackerlounge Research Group)