
View Full Version : Software PBLang 4.65 search.php XSS vulnerability



Raven
23/02/05, 17:45
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG001
[] Friday 11-02-05
[] Software PBLang 4.65 search.php XSS vulnerability
[]
[] The author can't be held responsible for any damage
[] done by a reader. You have your own responsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]

Vulnerable: PBLang 4.65 (current) (and earlier?)


---

General information:

PBLang is an international BBS software based on
PHP. It does not require any database but is based on a
flatfile system. Many professional features. More
info on the project website.


---

Description:

The search.php script is vulnerable to an XSS attack
by a remote attacker. The searched string is not
filtered for any harmful characters like < > and ".
This makes it possible for an attacker to trick a
user into going to a harmful page and steal a
session.


---

Proof Of Concept:

Type in the search box "<script
language="javascript">alert("Hackerlounge.com pwns
joo");</script>" and submit. An alertbox with the
text "Hackerlounge.com pwns joo" should come up.


---

Fix and Vendor status:

The vendor has been notified, expect an official
patch soon.


---

Credit:

HRG (Hackerlounge Research Group).
Hackerlounge.com
TGS-Security.com

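The unfiltered reflection described in the advisory, next to an output-encoded version, as an added PHP example that is not part of the original post and is not PBLang's code. The function names and the markup are hypothetical, since the page does not show the source of search.php.

```php
<?php
// Added illustration; not PBLang source. Function names and markup are
// hypothetical stand-ins for a search page that echoes the search string.

// Unsafe pattern matching the advisory's description: the search string
// is placed into the page without encoding <, > or ".
function render_results_unsafe(string $query): string
{
    return '<input type="text" name="search" value="' . $query . '">'
         . '<p>Results for: ' . $query . '</p>';
}

// Encode a value for HTML output. ENT_QUOTES encodes both " and ', so the
// result is inert in element content and inside quoted attribute values.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same markup, with the search string encoded at the point of output.
function render_results_safe(string $query): string
{
    return '<input type="text" name="search" value="' . h($query) . '">'
         . '<p>Results for: ' . h($query) . '</p>';
}

// Constructed sample input: the search string from the proof of concept.
$query = '<script language="javascript">alert("Hackerlounge.com pwns joo");</script>';

$unsafe = render_results_unsafe($query);
$safe   = render_results_safe($query);

// Check whether a live <script> element survives in each rendering.
echo 'unsafe contains <script: ';
var_dump(strpos($unsafe, '<script') !== false);
echo 'safe contains <script:   ';
var_dump(strpos($safe, '<script') !== false);

// The encoded rendering, as the browser would receive it.
echo $safe, PHP_EOL;
```

Encoding is applied where the value is written into HTML, so the stored or searched string itself stays unchanged and the search still matches posts that contain these characters.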