Bugtraq Post: XSS vuln


  • Bugtraq Post: XSS vuln

    Hi,

    "Jaime Fisher" posted XSS exploit code this morning on SecurityFocus's Bugtraq mailing list. I did some searching through the forum and bug database and didn't come up with any relevant threads. Is this an actual threat? He doesn't mention if he tested it against v3 or v2. I cannot seem to reproduce his sample on either this forum or one running v2.

    Could a developer please comment? He notes that he contacted the vendor.

    Paul

  • #2
    What's the URL to this report? In my experience the Devs react almost instantly to investigate, and if necessary, fix any confirmed security issues.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.




    • #3
      http://www.securityfocus.com/archive...0/2004-02-16/0



      • #4
        Thanks Paul. I've passed this info on.


        • #5
          http://www.vbulletin.com/forum/showthread.php?t=95284

          By the way, he did not contact any of the Developers nor anyone else from Jelsoft as far as I know.


          • #6
            ummm, I was just looking at SecurityFocus about this exploit, and then found this: http://www.securityfocus.com/archive...1/2004-02-17/2

            Should we be worried about this one? I noticed down the bottom it said the guy had contacted the Vendor, so *shrug*



            • #7
              This is the report that this thread is about.

              So, don't worry. The fix is already available.
              this is my sig



              • #8
                I think you may have copied the wrong URL. The link above takes you to the same message I posted yesterday. The XSS issue posted today can be found at:

                http://www.securityfocus.com/archive...1/2004-02-17/2

                A quick glance shows something about search.php instead of register.php. The second one is posted by "Rafel Ivgi, The-Insider." As an aside, Rafel's advisory/exploit has no mention of contacting Jelsoft.



                • #9
                  Originally posted by Paul
                  A quick glance shows something about search.php instead of register.php. The second one is posted by "Rafel Ivgi, The-Insider." As an aside, Rafel's advisory/exploit has no mention of contacting Jelsoft.
                  Just verified that this is in fact working on this site.



                  • #10
                    Sorry, is that the exploit is working, or the fix is working to stop the exploit?



                    • #11
                      The exploit is working on this site mentioned in the second advisory. There are two separate advisories. I don't know if the fix supplied yesterday fixes both, but the second wasn't published until after the init.php fix was posted.

                      I haven't tested it recently, but it did when I last posted above. I filled out a bug report in the bugs area.



                      • #12
                        Yes, it is a different exploit and it is no longer exploitable on this forum. You can obtain a patched search.php in the announcements forum.



                        • #13
                          yay
