
Ultimate Bulletin Board [IMG] Tag Javascript Embedding Vulnerability

by platon on March 2nd, 2001

Ultimate Bulletin Board is a free software package available from Infopop. The UBB package is a web-based bulletin board package designed to offer discussion forums from a web interface.


A problem with a beta version of the software could allow the retrieval of user cookies. Upon logging into the UBB, cookies containing user information are stored on the user's drive. These cookies normally contain sensitive information, such as the login name and password. Because the bulletin board does not sufficiently check input, it is possible to embed a single line of JavaScript between the [img] tags and post the code to the bulletin board. Upon replying to the message, a user's browser would then interpret and execute the JavaScript, sending the information to a remote site. The problem can be exploited even while the bulletin board's HTML post option is turned off.

This makes it possible for a user with malicious motives to post a message to the bulletin board containing malicious code and retrieve the user's cookie.
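The input check that is missing here, shown as an added example (not UBB's code, which is not reproduced on this page): a renderer that copies [img] content into the `src` attribute unchecked, next to one that only emits an image for absolute http(s) URLs. The function names, the `[img]` regular expression and the sample posts are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
ALLOWED_SCHEMES = {"http", "https"}
FORBIDDEN_CHARS = set("\"'<>`")


def render_naive(post: str) -> str:
    """Weak form: HTML is escaped, but [img] content reaches src unchecked."""
    escaped = html.escape(post, quote=False)
    return IMG_TAG.sub(lambda m: '<img src="%s">' % m.group(1), escaped)


def is_safe_image_url(url: str) -> bool:
    """Accept only absolute http(s) URLs free of markup and control characters."""
    for ch in url:
        # Browsers may ignore tabs/newlines inside a scheme, so reject them all.
        if ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F or ch in FORBIDDEN_CHARS:
            return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_hardened(post: str) -> str:
    """Escape all text; emit <img> only for URLs that pass the allowlist."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(post):
        out.append(html.escape(post[pos:m.start()]))
        url = m.group(1).strip()
        if is_safe_image_url(url):
            out.append('<img src="%s" alt="">' % html.escape(url, quote=True))
        else:
            out.append(html.escape(m.group(0)))  # rejected tag stays inert text
        pos = m.end()
    out.append(html.escape(post[pos:]))
    return "".join(out)


# Constructed sample posts (not taken from the advisory).
SAMPLES = [
    "[img]http://example.test/pic.gif[/img]",
    "[img]javascript:void(0)[/img]",
    "[img]JaVa\tScRiPt:void(0)[/img]",
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(repr(render_naive(post)), "->", repr(render_hardened(post)))
```

The naive renderer mirrors the situation described above, where disabling HTML posting does not help because the script never needs angle brackets; the hardened one leaves any rejected tag on the page as inert text.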


Upgrades available:

Infopop Ultimate Bulletin Board 5.0.x Beta: Infopop upgrade Ultimate Bulletin Board 6.0 Beta (download from infopop.com)

