Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMartin HeistermannPACKETSTORM:35650
HistoryJan 11, 2005 - 12:00 a.m.

woltlabXSS.txt

2005-01-1100:00:00
Martin Heistermann
packetstormsecurity.com
30
JSON
`  
  
Advisory Information  
--------------------  
Advisory name : Woltlab Burning Board Lite formmail.php XSS  
Discovered by : drhankey / it-security23.net  
Vendor Name : Woltlab  
Vendor Homepage : http://www.woltlab.de  
Software : Woltlab Burning Board Lite  
Vulnerability Type : Cross-Site-Scripting  
Vulnerable Versions : 1.0.0, 1.0.1e, maybe more  
Platforms : OS Independent, PHP  
  
  
What is Woltlab Burning Board Lite?  
----------------------------------  
Woltlab Burning Board Lite is the free version of the Woltlab Burning Board,  
a PHP based bulletin board  
  
  
Vulnerability Description:  
-------------------------  
formmail.php outputs the "userid"-parameter unfiltered, so its possible to add arbitary Code to the output by using a malformed link.  
The Board also allows logging in with stolen cookies.  
  
Proof of Concept:  
-----------------  
http://website/board/formmail.php?userid=1"><script>document.location.href="http://www.it-security23.net";</script x="y  
`
JSON