cross-site-scripting-bug in phpGB

by Nikola Strahija on September 9th, 2002

phpGB is a PHP/MySQL-based guestbook. Unfortunately, no input is filtered for malicious code segments. That makes a cross-site scripting attack possible.


More details
------------
A blackhat can insert, e.g., JavaScript code into a guestbook entry.
When an admin tries to delete this entry, the script is executed. The
attacker can then, e.g., obtain the session ID and enter the admin
area without being authenticated.


Proof-of-concept
----------------
Enter the following guestbook entry:

"delete me alert(document.cookie)"

When an admin tries to delete this entry, a popup showing his session
ID will come up. Of course, it is quite easy to submit this session ID
to the blackhat's server instead of showing this popup.


Temporary-fix
-------------
Filter all inputs for unwanted code segments such as HTML or JavaScript code.
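
One way to apply this on the admin page, shown as an added example that is not phpGB's own code: stored entry fields are encoded when they are written into HTML, and the session cookie is marked HttpOnly so page script cannot read it. The function names, the `admin.php?delete=` link and the sample entry are assumptions made for illustration.

```php
<?php
// Added example: hypothetical admin "delete entry" row, not phpGB's code.

// Keep the session cookie out of document.cookie (set before session_start()).
ini_set('session.cookie_httponly', '1');

// Encode text for an HTML body or a quoted attribute value.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: stored fields are concatenated into the page as-is, so any
// markup inside an entry is parsed by the admin's browser.
function render_delete_row_unfiltered(array $entry): string
{
    return '<tr><td>' . $entry['name'] . '</td><td>' . $entry['text'] . '</td>'
         . '<td><a href="admin.php?delete=' . $entry['id'] . '">delete</a></td></tr>';
}

// After: every text field is encoded at output time and the id is forced
// to an integer, so the entry is displayed as text and never interpreted.
function render_delete_row_encoded(array $entry): string
{
    return '<tr><td>' . e($entry['name']) . '</td><td>' . e($entry['text']) . '</td>'
         . '<td><a href="admin.php?delete=' . (int) $entry['id'] . '">delete</a></td></tr>';
}

// Constructed sample entry, shaped like the proof-of-concept text.
$entry = [
    'id'   => 7,
    'name' => 'guest',
    'text' => 'delete me <script>alert(document.cookie)</script>',
];

echo render_delete_row_unfiltered($entry), "\n"; // markup reaches the browser intact
echo render_delete_row_encoded($entry), "\n";    // markup arrives as &lt;script&gt;...
```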


Fix
---
phpGB 1.2 filters all inputs.


Security-Risk
-------------
Because an attacker is able to do anything an admin can do after a
successful attack, the whole guestbook must be deemed compromised.
That is why we are rating the risk as high.

