Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 14 Mar 2011 16:36:53 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request: bbPress 1.0.2 <= Cross Site
 Scripting Vulnerability

Please use CVE-2011-1150

Thanks.

-- 
    JB


----- Original Message -----
> 1. OVERVIEW
> 
> bbPress 1.0.2 and lower versions were vulnerable to Cross Site
> Scripting.
> 
> 
> 2. APPLICATION DESCRIPTION
> 
> bbPress is plain and simple forum software, plain and simple with a
> twist from the creators of WordPress.
> It is focused on web standards, ease of use, ease of integration, and
> speed.
> 
> 
> 3. VULNERABILITY DESCRIPTION
> 
> The "re" parameter was not properly sanitized upon submission to the
> /bb-login.php url, which allows attacker to conduct Cross Site
> Scripting attack.
> This may allow an attacker to create a specially crafted URL that
> would execute arbitrary script code in a victim's browser.
> If a user has already logged in to the application, an XSS attack will
> execute promptly.
> If not, it will execute after the user's successful logging in.
> 
> 
> 4. VERSIONS AFFECTED
> 
> bbPress 1.0.2 and lower
> 
> 
> 5. PROOF-OF-CONCEPT/EXPLOIT
> 
> http://localhost/bb-login.php?re=data%3Atext%2Fhtml%3Bbase64%2CPHNjcmlwdD5hbGVydCgiWFNTXG4iK2RvY3VtZW50LmNvb2tpZSk8L3NjcmlwdD4%3D
> 
> 
> 6. SOLUTION
> 
> Upgrade to 1.0.3 or higher
> 
> 
> 7. VENDOR
> 
> bbPress Development Team
> http://bbpress.org/
> 
> 
> 8. CREDIT
> 
> This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
> Ethical Hacker Group, Myanmar.
> 
> 
> 9. DISCLOSURE TIME-LINE
> 
> 2010-12-23: notified vendor
> 2011-02-24: vendor released fixed version
> 2011-03-13: vulnerability disclosed
> 
> 
> 10. REFERENCES
> 
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/[bbpress-1.0.2]_cross_site_scripting
> About bbPress: http://bbpress.org/about/
> 
> 
> #yehg [2011-03-13]
> 
> 
> ---------------------------------
> Best regards,
> YGN Ethical Hacker Group
> Yangon, Myanmar
> http://yehg.net
> Our Lab | http://yehg.net/lab
> Our Directory | http://yehg.net/hwd

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.