XSS Vulnerability in BBCodeItem
Global Rank: 229
Totalscore: 92743
Posts: 1680
Thanks: 1358
UpVotes: 920
Registered: 16y 280d
Last Seen: 4s
The User is Online
XSS Vulnerability in BBCodeItem
Aug 10, 2012 - 20:46:46 (12y 105d)
Aug 10, 2012 - 20:46:46 (12y 105d)
As most of you should know, a part of the cookie is a lie challenge consists of sending a PM to Z which he will click.
Well, one user, namely hellsonic, managed to exploit the bbdecoder to automatize this task via XSS.
The flaw lied within the url parameter of the url tag, which was not sanitzed.
The problem got fixed in SVN with changeset 2271.
Big thanks and gratulations to hellsonic for finding this flaw.
Also thanks to Z for reporting the flaw
Happy Challenging!
gizmore
Well, one user, namely hellsonic, managed to exploit the bbdecoder to automatize this task via XSS.
The flaw lied within the url parameter of the url tag, which was not sanitzed.
The problem got fixed in SVN with changeset 2271.
Big thanks and gratulations to hellsonic for finding this flaw.
Also thanks to Z for reporting the flaw
Happy Challenging!
gizmore
The geeks shall inherit the properties and methods of object earth.
tunelko, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 3447 times.
1 people are watching the thread at the moment.
This thread has been viewed 3447 times.