exploits , vulnerabilities , articles , Simple Machines Forum Size Tag HTML Injection Vulnerability

Title	Simple Machines Forum Size Tag HTML Injection Vulnerability
Published	2004-05-05-12:00AM
Updated	2004-05-05-07:52PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	This vulnerability is credited to Cheng Peng Su <apple_soup@msn.com>.
Vulnerable	Simple Machines SMF 1.0 beta5p Simple Machines SMF 1.0 beta4p Simple Machines SMF 1.0 beta4.1
Not Vulnerable
Code	No exploit is required for this issue, however Cheng Peng Su <apple_soup@msn.com> provided some proof-of-concept code. An attacker could reportedly post content to the forums containing: [size=expression(alert(document.cookie))]Content[/size] With the limit that the forum software filters out quotes, apostrophes and semicolons. Another method that circumvents the software filtering would be to post content such as: [size=expression(eval(unescape(document.URL.substring(document.URL.length-34,document.URL.length))))]Content[/size] then get the victim to follow: http://www.example.com/index.php?topic=12345.0&alert('cookie: '+document.cookie) Where the '12345.0' is the topic containing the previously posted content. The victim's browser would execute the last 34 characters (as specified in the previously posted 'length-34' content).
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability
• 2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
• 2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability
• 2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability
• 2009-12-15 PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
• 2009-12-15 PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
• 2009-12-15 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
• 2009-12-15 Sun Ray Server Software Desktop Session Handling Local Security Bypass Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 00:19:01 +0000