Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 27 Jan 2011 15:36:56 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request:Vanilla Forums 2.0.16 <= Cross Site
 Scripting Vulnerability

Please use CVE-2011-0526. Thanks.

-- 
    JB

----- Original Message -----
> ===========================================
> Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability
> ===========================================
> 
> 
> 1. OVERVIEW
> 
> The Vanilla Forums 2.0.16 and lower versions were vulnerable to Cross
> Site Scripting.
> 
> 
> 2. BACKGROUND
> 
> Vanilla Forums are open-source, standards-compliant, customizable
> discussion forums.
> It is specially made to help small communities grow larger through SEO
> mojo, totally customizable social tools,
> and great user experience. Vanilla is also built with integration at
> the forefront, so it can
> seamlessly integrate with your existing website, blog, or custom-built
> application.
> 
> 
> 3. VULNERABILITY DESCRIPTION
> 
> The 'Target' parameter was not properly sanitized after user logs in,
> which allows attacker to conduct Cross Site Scripting attack.
> An attacker could prepare a link in a forum post that includes a link
> to a file which seems to require authentication.
> Upon logging in, user will get XSSed.
> 
> 
> 4. VERSIONS AFFECTED
> 
> 2.0.16 and lower
> 
> 
> 5. PROOF-OF-CONCEPT/EXPLOIT
> 
> http://vanilla/index.php?p=/entry/signin&Target=javascript:alert(document.cookie)//http://
> 
> 
> 6. SOLUTION
> 
> Upgrade to Vanilla Forums 2.0.17 or higher
> 
> 
> 7. VENDOR
> 
> Vanilla Forums Development Team
> http://vanillaforums.org/
> 
> 
> 8. CREDIT
> 
> This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
> Ethical Hacker Group, Myanmar.
> 
> 
> 9. DISCLOSURE TIME-LINE
> 
> 2010-12-14: notified vendor
> 2011-01-18: vendor released fix
> 2011-01-27: vulnerability disclosed
> 
> 
> 10. REFERENCES
> 
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/[vanilla_forums-2.0.16]_cross_site_scripting
> What XSS Can Do:
> http://yehg.net/lab/pr0js/view.php/What%20XSS%20Can%20Do.pdf
> XSS FAQs: http://www.cgisecurity.com/articles/xss-faq.shtml
> XSS (wiki): http://en.wikipedia.org/wiki/Cross-site_scripting
> XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
> CWE-79: http://cwe.mitre.org/data/definitions/79.html
> 
> 
> #yehg [2011-01-27]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ