'Re: [oss-security] CVE Request:Vanilla Forums 2.0.16 <= Cross Site'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request:Vanilla Forums 2.0.16 <= Cross Site
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-01-27 20:36:56
Message-ID: 2025608634.170697.1296160616674.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2011-0526. Thanks.

-- 
    JB

----- Original Message -----
> ===========================================
> Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability
> ===========================================
> 
> 
> 1. OVERVIEW
> 
> The Vanilla Forums 2.0.16 and lower versions were vulnerable to Cross
> Site Scripting.
> 
> 
> 2. BACKGROUND
> 
> Vanilla Forums are open-source, standards-compliant, customizable
> discussion forums.
> It is specially made to help small communities grow larger through SEO
> mojo, totally customizable social tools,
> and great user experience. Vanilla is also built with integration at
> the forefront, so it can
> seamlessly integrate with your existing website, blog, or custom-built
> application.
> 
> 
> 3. VULNERABILITY DESCRIPTION
> 
> The 'Target' parameter was not properly sanitized after user logs in,
> which allows attacker to conduct Cross Site Scripting attack.
> An attacker could prepare a link in a forum post that includes a link
> to a file which seems to require authentication.
> Upon logging in, user will get XSSed.
> 
> 
> 4. VERSIONS AFFECTED
> 
> 2.0.16 and lower
> 
> 
> 5. PROOF-OF-CONCEPT/EXPLOIT
> 
> http://vanilla/index.php?p=/entry/signin&Target=javascript:alert(document.cookie)//http://
> 
> 
> 6. SOLUTION
> 
> Upgrade to Vanilla Forums 2.0.17 or higher
> 
> 
> 7. VENDOR
> 
> Vanilla Forums Development Team
> http://vanillaforums.org/
> 
> 
> 8. CREDIT
> 
> This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
> Ethical Hacker Group, Myanmar.
> 
> 
> 9. DISCLOSURE TIME-LINE
> 
> 2010-12-14: notified vendor
> 2011-01-18: vendor released fix
> 2011-01-27: vulnerability disclosed
> 
> 
> 10. REFERENCES
> 
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/[vanilla_forums-2.0.16]_cross_site_scripting
> What XSS Can Do:
> http://yehg.net/lab/pr0js/view.php/What%20XSS%20Can%20Do.pdf
> XSS FAQs: http://www.cgisecurity.com/articles/xss-faq.shtml
> XSS (wiki): http://en.wikipedia.org/wiki/Cross-site_scripting
> XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
> CWE-79: http://cwe.mitre.org/data/definitions/79.html
> 
> 
> #yehg [2011-01-27]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic