BBCode XSS Vulnerability in microBlog
Summary
- Vulnerability: BBCode XSS Vulnerability in microBlog
- Discovered: 2006.01.16
- Last Update: 2006.02.22 (solution added)
- ID: EV0036
- CVE: CVE-2006-0233
- Risk Level: low
- Type: Cross Site Scripting
- Status: Patched
- Vendor: n/a
- Vulnerable Software: microBlog (http://www.stamcar.com/projekti/microblog/)
- Version: 2.0 RC-10
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the microBlog (http://www.stamcar.com/projekti/microblog/) script.
Arbitrary script code can be inserted through the BBCode [url] tag.
Vulnerable Script: functions.php
The value of the [url] tag is not properly sanitized before it is placed in the link's href attribute, so a javascript: URI survives into the rendered page and can be used to post arbitrary script code.
PoC/Exploit
BBCode example:
[url=javascript:alert(123)]title[/url]
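To make the defect concrete, here is an added example (not microBlog's functions.php, which is PHP; this is illustrative Python written for this page) that places a naive BBCode [url] converter next to a hardened one. The function names render_url_naive, safe_href and render_url_safe are hypothetical. The hardened version refuses any href whose scheme is not on an http/https allowlist, strips the whitespace and control characters browsers ignore when reading a scheme, and HTML-escapes both the attribute and the link text; a refused link is emitted as escaped literal text instead of an anchor. It generalizes the advisory's single PoC to the whole class of non-http(s) schemes and to attribute-breakout attempts.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Schemes a rendered [url] link may use; anything else (javascript:, data:,
# vbscript:, scheme-relative "//host", ...) is refused.
ALLOWED_SCHEMES = {"http", "https"}

# Matches both [url=target]text[/url] and [url]target[/url].
_URL_TAG = re.compile(
    r"\[url(?:=(?P<target>[^\]]+))?\](?P<body>.*?)\[/url\]",
    re.IGNORECASE | re.DOTALL,
)


def render_url_naive(bbcode: str) -> str:
    """Vulnerable pattern (hypothetical, modelled on the advisory's description):
    the [url=...] value is copied straight into href, so a javascript: URI
    becomes a clickable script."""
    def repl(m):
        target = m.group("target") or m.group("body")
        return '<a href="%s">%s</a>' % (target, m.group("body"))
    return _URL_TAG.sub(repl, bbcode)


def safe_href(raw: str) -> Optional[str]:
    """Return the URL if its scheme is on the allowlist, else None.

    Surrounding whitespace and embedded ASCII control characters are removed
    first, because browsers ignore them when parsing a scheme (a tab inside
    "javascript:" does not stop it from running)."""
    cleaned = "".join(ch for ch in raw.strip() if ord(ch) > 31 and ord(ch) != 127)
    try:
        parts = urlsplit(cleaned)
    except ValueError:          # e.g. malformed bracketed IPv6 host
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return cleaned


def render_url_safe(bbcode: str) -> str:
    """Hardened converter: allowlisted scheme plus HTML-escaped attribute and
    text. Text outside the tags is escaped too; rejected links are emitted as
    escaped literal text rather than as <a>."""
    out = []
    pos = 0
    for m in _URL_TAG.finditer(bbcode):
        out.append(html.escape(bbcode[pos:m.start()]))
        target = m.group("target") or m.group("body")
        href = safe_href(target)
        if href is None:
            out.append(html.escape(m.group(0)))
        else:
            out.append('<a href="%s" rel="nofollow noopener">%s</a>'
                       % (html.escape(href, quote=True), html.escape(m.group("body"))))
        pos = m.end()
    out.append(html.escape(bbcode[pos:]))
    return "".join(out)


if __name__ == "__main__":
    poc = "[url=javascript:alert(123)]title[/url]"   # the advisory's PoC string
    print("naive:", render_url_naive(poc))
    print("safe :", render_url_safe(poc))
    print("safe :", render_url_safe("[url]https://example.com/?a=1&b=2[/url]"))
```

The scheme check is done on the parsed URL rather than with a substring search for "javascript", so mixed case, leading spaces and embedded tabs are all handled by the same code path; escaping the attribute with quote=True separately closes the `"` breakout that a scheme check alone would miss.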
Solution
Install or upgrade to version 2.1 to fix this vulnerability.