OpenBB Image Tag Cross-Site Scripting Vulnerability

by Nikola Strahija on February 27th, 2002

OpenBB is web forum software written in PHP. OpenBB allows users to include images in forum messages using image tags, with the following syntax: [img]url of image[/img]


It is possible to inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials.

Remote: Yes

Exploit: The following proof-of-concept was submitted:

[img]javasCript:alert('Hello world.')[/img]

Vulnerable: OpenBB OpenBB 1.0.0 RC2
OpenBB OpenBB 1.0.0 RC1
OpenBB OpenBB 1.0.0 beta1
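
One way to render [img] tags without this hole, shown as an added example in Python (it is not OpenBB's own PHP code): escape the whole post and expand a tag only when its URL is an absolute http or https URL. The function names and the two-scheme allowlist are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: only absolute http/https image URLs are acceptable in posts.
ALLOWED_SCHEMES = {"http", "https"}
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def safe_image_url(raw):
    """Return the URL if it is an absolute http(s) URL, otherwise None."""
    url = raw.strip()
    # Refuse whitespace and control characters anywhere in the value, so the
    # scheme check below sees exactly what the browser will see.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # Allowlist, not blocklist: the scheme is compared case-insensitively and
    # anything that is not http/https (or has no host) is refused.
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url


def render_post(text):
    """Escape the post as HTML, expanding only [img] tags that pass the check."""
    out, pos = [], 0
    for match in IMG_TAG.finditer(text):
        out.append(html.escape(text[pos:match.start()]))
        url = safe_image_url(match.group(1))
        if url is None:
            # Rejected tag is shown as inert, escaped text.
            out.append(html.escape(match.group(0)))
        else:
            out.append('<img src="%s" alt="">' % html.escape(url, quote=True))
        pos = match.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # The proof-of-concept from the advisory, followed by a constructed benign post.
    print(render_post("[img]javasCript:alert('Hello world.')[/img]"))
    print(render_post("[img]http://example.com/a.png?x=1&y=2[/img]"))
```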

