bblog 0.7.2 cross site scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: bblog 0.7.2 cross site scripting
From: <penfold@xxxxxxxxxxx>
Date: 26 Mar 2004 20:08:45 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Introduction:
Bblog, a blogging system scripted in PHP does not perform sufficient filtering 
when submitting a blog name. The severity of this flaw however, is low as the 
required privileges to access the administration panel for bblog is superuser.

The problem:
The flaw lies in bblog/index.php?b=options, where an *evil* attacker can quite 
possibly hijack a session. Submitting the blog name with the value of "< script 
>alert(document.cookie);< / script >" will insert this into the title of the 
blog, which in turn, speaks for itself.

Fix:
Filter the value of the blog name to disallow any html insertion.

Kind Regards,
penfold
http://www.dlofnep.com

Prev by Date: phpBB2 2.0.8 privmsg.php SQL injection patch (critical).
Next by Date: Re: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions]
Previous by thread: phpBB2 2.0.8 privmsg.php SQL injection patch (critical).
Next by thread: Re: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions]
Index(es):
- Date
- Thread