[XSS] paBox 1.6

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [XSS] paBox 1.6
From: Rift <Sean@xxxxxxxxxxxx>
Date: 3 Mar 2005 09:52:11 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Just wanted to let it be known seeing as i havent seen any info on this yet, 
ive discovered a cross scripting problem in PABox 1.6 

http://phpnuke.org/modules.php?name=News&file=article&sid=5065

they give a demo page of pabox there.  if you take the default form used for 
the shoutbox, there are always two parameters marked as hidden:

<input type="hidden" name="date"...
and
<input type="hidden" name="time"...


you can easily extract the form from anysite's pabox and change the date value 
to "text" and inject scripting code into it.. for example

<h1><marquee>&lt;script&gt;document.write(document.cookie);&lt;/script&gt;</marquee></h1><noscript>

obviously your code can be modified to do anything of your liking.

Prev by Date: Microsoft AntiSpyware Beta and Windows Scripting Host
Next by Date: [CLA-2005:928] Conectiva Security Announcement - clamav
Previous by thread: RE: Microsoft AntiSpyware Beta and Windows Scripting Host
Next by thread: [CLA-2005:928] Conectiva Security Announcement - clamav
Index(es):
- Date
- Thread