Woltlab Burning Board Register.PHP Cross-Site Scripting Vulnerability

Bugtraq ID:	21370
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 30 2006 12:00AM
Updated:	Nov 30 2006 09:19PM
Credit:	[email protected] is credited with the discovery of this vulnerability.
Vulnerable:	Woltlab Burning Board 2.3.6 Woltlab Burning Board 2.3.5 Woltlab Burning Board 2.3.4 Woltlab Burning Board 2.3.3 Woltlab Burning Board 2.3.1
Not Vulnerable:

Woltlab Burning Board Register.PHP Cross-Site Scripting Vulnerability

Woltlab Burning Board is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Woltlab Burning Board 2.3.6 and prior versions are vulnerable to this issue.

Woltlab Burning Board Register.PHP Cross-Site Scripting Vulnerability

An attacker can trigger this vulnerability by enticing a victim user to follow a malicious URI.

A sample exploit using Curl has been provided:

• /data/vulnerabilities/exploits/ 21370.curl

Woltlab Burning Board Register.PHP Cross-Site Scripting Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Woltlab Burning Board Register.PHP Cross-Site Scripting Vulnerability

References:

• Woltlab Burning Board Homepage (Woltlab)
  
• Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION ([email protected])