PunBB Multiple HTML Injection Vulnerabilities
BID:12828
Info
| Bugtraq ID: | 12828 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0818 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery is credited to benji lemien <[email protected]>. |
| Vulnerable: | PunBB PunBB 1.2.3 |
| Not Vulnerable: | PunBB PunBB 1.2.4 |
Discussion
PunBB is reportedly affected by multiple HTML injection vulnerabilities.
An attacker could exploit these issues to control how the site is rendered to the user; other attacks are also possible, such as the theft of cookie-based authentication credentials.
PunBB 1.2.3 is reported vulnerable; however, other versions may be affected as well.
Exploit / POC
No exploit is required.
The following proof of concept is available:
example@"/><script>alert()</script>.com
Solution / Fix
Solution:
This issue has been addressed in PunBB 1.2.4.
PunBB PunBB 1.2.3
- PunBB punbb-1.2.4.zip
http://www.punbb.org/download/museum/punbb-1.2.4.zip
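
The proof-of-concept value above uses `"/>` to close an attribute before opening a script element. The PHP sketch below is an added example, not PunBB's code or the 1.2.4 change: it assumes the value is echoed into a double-quoted `value` attribute of a hypothetical form field, and shows the unencoded rendering beside output encoding and e-mail validation.

```php
<?php
// Added example, not PunBB code. The form field and markup are hypothetical.

// Proof-of-concept value quoted in the advisory, plus two constructed samples.
$samples = [
    'example@"/><script>alert()</script>.com',
    'user@example.com',
    "o'brien@example.com", // RFC 5322 allows ' in the local part
];

// "Before": the value is concatenated into the attribute without encoding,
// so a double quote in the input ends the attribute and starts new markup.
function render_unencoded(string $email): string
{
    return '<input type="text" name="email" value="' . $email . '" />';
}

// Output encoding at the point of use. ENT_QUOTES covers both " and ', so the
// value stays inside the attribute whichever quote style the template uses.
function render_encoded(string $email): string
{
    $safe = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="email" value="' . $safe . '" />';
}

// Input validation when the value is submitted. This rejects markup in the
// domain part, but legal addresses may still carry characters such as ' or &,
// so it complements output encoding rather than replacing it.
function is_acceptable_email(string $email): bool
{
    return strlen($email) <= 254
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

foreach ($samples as $value) {
    printf("input     : %s\n", $value);
    printf("accepted  : %s\n", is_acceptable_email($value) ? 'yes' : 'no');
    printf("unencoded : %s\n", render_unencoded($value));
    printf("encoded   : %s\n\n", render_encoded($value));
}
```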