XSS Vulnerability in BBCodeItem

As most of you should know, a part of the "cookie is a lie" challenge consists of sending a PM to Z which he will click.

Well, one user, namely hellsonic, managed to exploit the bbdecoder to automatize this task via XSS.

The flaw lay within the url parameter of the url tag, which was not sanitized.
The problem got fixed in SVN with changeset 2271.

Big thanks and congratulations to hellsonic for finding this flaw.
Also thanks to Z for reporting the flaw :)

Happy Challenging!
gizmore
The geeks shall inherit the properties and methods of object earth.
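The post only states that the url parameter of the [url] tag was not sanitized. The following is an added Python illustration (not WeChall's bbdecoder and not changeset 2271) of what that class of bug looks like in a BBCode-to-HTML decoder and how a hardened decoder closes it: the unsafe variant copies the parameter straight into an href attribute, while the safe variant parses it, allows only http/https URLs with a host, and HTML-escapes the value before emitting the attribute. The tag shape `[url=TARGET]text[/url]`, the function names and the sample inputs are all assumptions made for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed BBCode shape: [url=TARGET]link text[/url]. The real decoder is not reproduced.
URL_TAG = re.compile(
    r"\[url=(?P<target>[^\]]+)\](?P<text>.*?)\[/url\]",
    re.IGNORECASE | re.DOTALL,
)

# Only web URLs may become clickable links; everything else is dropped.
ALLOWED_SCHEMES = {"http", "https"}


def decode_url_tag_unsafe(bbcode: str) -> str:
    """Vulnerable variant: the url parameter lands in the href attribute unchanged,
    so it can carry a non-http scheme or break out of the attribute."""
    def repl(m: re.Match) -> str:
        return f'<a href="{m.group("target")}">{html.escape(m.group("text"))}</a>'
    return URL_TAG.sub(repl, bbcode)


def safe_href(target: str):
    """Return an attribute-safe href for an http(s) URL, or None to refuse it."""
    target = target.strip()
    try:
        parts = urlsplit(target)
    except ValueError:
        # urlsplit rejects some malformed authorities (e.g. unbalanced IPv6 brackets)
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    # Escape <, >, &, " and ' so the value cannot terminate the attribute or the tag.
    return html.escape(target, quote=True)


def decode_url_tag_safe(bbcode: str) -> str:
    """Hardened variant: scheme allowlist plus attribute escaping."""
    def repl(m: re.Match) -> str:
        href = safe_href(m.group("target"))
        text = html.escape(m.group("text"))
        if href is None:
            # Refuse to emit a link at all; keep only the visible text.
            return text
        return f'<a href="{href}" rel="nofollow noopener">{text}</a>'
    return URL_TAG.sub(repl, bbcode)


if __name__ == "__main__":
    # Constructed sample posts: one ordinary link, one with a non-http scheme,
    # one trying to break out of the attribute.
    samples = [
        "[url=http://example.com/?a=1&b=2]home[/url]",
        "[url=javascript:alert(1)]click[/url]",
        '[url=" onmouseover="x]click[/url]',
    ]
    for s in samples:
        print("unsafe:", decode_url_tag_unsafe(s))
        print("safe:  ", decode_url_tag_safe(s))
```

The two defences are independent: the scheme allowlist stops non-web URLs from becoming links, and the attribute escaping stops a web URL that contains quotes or angle brackets from altering the generated tag. Dropping the anchor entirely on rejection, rather than substituting a placeholder URL, keeps the decoder's output predictable for later filtering.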