OpenBB 1.0.x Image Tag Cross-Agent Scripting Vulnerability

2002-02-25T00:00:00
ID EDB-ID:21301
Type exploitdb
Reporter skizzik
Modified 2002-02-25T00:00:00

Description

OpenBB 1.0.x Image Tag Cross-Agent Scripting Vulnerability. CVE-2002-0330. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/4171/info

OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

OpenBB allows users to include images in forum messages using image tags, with the following syntax:

[img]url of image[/img]

It is possible to inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials.

[img]javasCript:alert('Hello world.')[/img]