EV0080.txt

2006-02-17T00:00:00
ID PACKETSTORM:43942
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-02-17T00:00:00

Description

New eVuln Advisory:  
M. Blom HTML::BBCode perl module XSS Vulnerabilities  
http://evuln.com/vulns/80/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0080  
Software: M. Blom HTML::BBCode  
Software's Web Site: http://menno.b10m.net/perl/  
Versions: 1.04, 1.03 and earlier  
Critical Level: Moderate  
Type: Cross-Site Scripting  
Class: Remote  
Status: Patched  
Exploit: Available  
Solution: Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Arbitrary script code insertion is possible in BBcode [url] and [img] tags.  
  
All scripts that use the HTML::BBCode module are affected.  
  
--------------Exploit----------------------  
Available at: http://evuln.com/vulns/80/exploit.html  
  
BBcode Cross-Site Scripting Examples:  
  
[img]javascript:alert(123)[/img]  
  
[url=javascript:alert(123)]Click me[/url]  
  
--------------Solution---------------------  
The problem is fixed in version 1.05.  
  
http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com  
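
A renderer-side check that closes this class of bug in [url] and [img], added here as an example (it is not HTML::BBCode's code and not the 1.05 patch): escape all input first, then rebuild the two tags only when the target has an allowlisted scheme. The sub names, the http/https allowlist and the rejection of relative URLs are assumptions of this example.

```perl
use strict;
use warnings;

# Only these schemes may appear in href/src; everything else is dropped.
my %ALLOWED_SCHEME = map { $_ => 1 } qw(http https);
my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');

sub escape_html {
    my ($s) = @_;
    $s =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $s;
}

# Return the URL when it has an explicit, allowlisted scheme; otherwise undef.
# Relative URLs are rejected too (assumption of this example).
sub safe_url {
    my ($url) = @_;
    $url =~ s/\A\s+|\s+\z//g;                 # trim surrounding whitespace
    return if $url =~ /[\x00-\x20\x7f]/;      # no embedded whitespace or control bytes
    return unless $url =~ /\A([A-Za-z][A-Za-z0-9+.\-]*):/;
    return $ALLOWED_SCHEME{ lc($1) } ? $url : undef;
}

sub link_html {
    my ($raw, $label) = @_;
    my $url = safe_url($raw);
    return defined($url) ? qq{<a href="$url" rel="nofollow">$label</a>} : $label;
}

sub img_html {
    my ($raw) = @_;
    my $url = safe_url($raw);
    return defined($url) ? qq{<img src="$url" alt="">} : '';
}

# Hypothetical minimal renderer handling [url=...] and [img] only.
sub render_bbcode {
    my ($text) = @_;
    my $out = escape_html($text);   # escape everything, then rebuild known tags
    $out =~ s{\[img\](.*?)\[/img\]}{img_html($1)}gise;
    $out =~ s{\[url=([^\]]*)\](.*?)\[/url\]}{link_html($1, $2)}gise;
    return $out;
}

# Constructed sample input: the advisory's two test strings plus one benign link.
my @samples = (
    '[img]javascript:alert(123)[/img]',
    '[url=javascript:alert(123)]Click me[/url]',
    '[url=https://example.org/?a=1&b=2]Docs[/url]',
);
print render_bbcode($_), "\n" for @samples;
```

Because the check is an allowlist applied after HTML escaping, scheme spellings it does not recognise fail closed: the image is dropped and the link degrades to its plain label.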