
XSS Vulnerability in BBCodeItem

As most of you should know, a part of the cookie is a lie challenge consists of sending a PM to Z which he will click.

Well, one user, namely hellsonic, managed to exploit the bbdecoder to automatize this task via XSS.

The flaw lay within the url parameter of the url tag, which was not sanitized.
The problem got fixed in SVN with changeset 2271.

Big thanks and congratulations to hellsonic for finding this flaw.
Also thanks to Z for reporting the flaw :)

Happy Challenging!
gizmore
The geeks shall inherit the properties and methods of object earth.
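As an added illustration that is not part of the original post and not WeChall's bbdecoder: a hypothetical minimal `[url=...]text[/url]` renderer in Python, with the unsanitized pattern the post describes next to a hardened version that allowlists the URL scheme and escapes the attribute value. Function names, the regex and the scheme allowlist are assumptions for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Hypothetical minimal BBCode url tag; not the real bbdecoder.
URL_TAG = re.compile(r"\[url=(.+?)\](.*?)\[/url\]", re.IGNORECASE | re.DOTALL)
ALLOWED_SCHEMES = {"http", "https"}  # assumed allowlist


def render_url_tag_unsanitized(bbcode: str) -> str:
    """The vulnerable pattern: the url parameter is copied verbatim into the
    href attribute, so quotes and non-http schemes reach the browser untouched."""
    return URL_TAG.sub(
        lambda m: f'<a href="{m.group(1)}">{html.escape(m.group(2))}</a>', bbcode
    )


def safe_href(raw: str):
    """Return an attribute-safe href, or None if the URL must be dropped.
    Whitespace and control characters are removed first, because browsers
    ignore them when parsing the scheme; then only http(s) with a host passes."""
    candidate = "".join(c for c in raw if c.isprintable() and not c.isspace())
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    # quote=True also escapes " and ' so the value cannot break out of href="..."
    return html.escape(candidate, quote=True)


def render_url_tag_hardened(bbcode: str) -> str:
    """Hardened renderer: validated scheme, escaped attribute, escaped link text."""
    def repl(m):
        href = safe_href(m.group(1))
        text = html.escape(m.group(2))
        if href is None:
            return text  # keep the visible text, drop the rejected link
        return f'<a href="{href}" rel="nofollow noopener">{text}</a>'
    return URL_TAG.sub(repl, bbcode)
```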