Ultimate Bulletin Board [IMG] Tag Javascript Embedding Vulnerability
BID:2408
Info
| Bugtraq ID: | 2408 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 21 2001 12:00AM |
| Updated: | Feb 21 2001 12:00AM |
| Credit: | This vulnerability was announced to Bugtraq by Scott Ashman on February 21, 2001. |
| Vulnerable: | Infopop Ultimate Bulletin Board 5.0 .x Beta |
| Not Vulnerable: | |
Discussion
Ultimate Bulletin Board is a free software package available from Infopop. The UBB package is a web-based bulletin board package designed to offer discussion forums from a web interface.
A problem with a beta version of the software could allow the retrieval of user cookies. Upon logging into the UBB, cookies containing user information are stored on the user's drive. These cookies normally contain sensitive information, such as the login name and password. Because the bulletin board does not sufficiently check input, it is possible to embed a single line of JavaScript between the [img] tags and post the code to the bulletin board. Upon replying to the message, a user's browser would then interpret and execute the JavaScript, sending the information to a remote site. The problem can be exploited even when the HTML bulletin board post option is turned off.
This makes it possible for a user with malicious motives to post a message containing malicious code to the bulletin board and retrieve the user's cookie.
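The input check whose absence is described above, as a defensive sketch (an added example, not Infopop's code or the fix shipped in the upgrade): the value between [img] tags is used only if it parses as an absolute http or https URL, and all other post text is HTML-escaped. The function names and sample posts are constructed for illustration, and JavaScript is used here only to show the logic.

```javascript
// Added example; function names and sample posts are constructed.
const IMG_TAG = /\[img\]([\s\S]*?)\[\/img\]/gi;
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Return a normalized absolute http(s) URL, or null if the value must not
// be used as an image source.
function safeImageUrl(raw) {
  const candidate = raw.trim();
  // Whitespace, control and quoting characters do not belong in an image
  // URL; they can disguise a scheme or terminate the src attribute early.
  if (/[\u0000-\u0020\u007f"'<>`]/.test(candidate)) return null;
  let url;
  try {
    url = new URL(candidate); // throws on relative or malformed input
  } catch {
    return null;
  }
  // Allowlist of schemes; the URL parser lowercases url.protocol.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// Render a post: everything is HTML-escaped, and an [img] tag becomes an
// <img> element only when its URL passes safeImageUrl().
function renderPost(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(IMG_TAG)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = safeImageUrl(m[1]);
    out += url ? `<img src="${escapeHtml(url)}" alt="posted image">` : escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample posts.
console.log(renderPost('Logo: [img]http://example.com/logo.gif[/img]'));
console.log(renderPost('[img]JavaScript:void(0)[/img]'));
```

A rejected tag is shown as literal escaped text rather than silently dropped, so moderators can see what was posted.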
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us.
Solution / Fix
Solution:
Upgrades available:
Infopop Ultimate Bulletin Board 5.0 .x Beta
- Infopop Ultimate Bulletin Board 6.0 Beta
  http://www.infopop.com/nonbusiness/nonbusiness_ubb.html