bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

b2evolution XSS Vulnerabilities

from [tarkus] [Permanent Link][Original]
To: bugtraq@securityfocus.com
Subject: b2evolution XSS Vulnerabilities
From: tarkus@tiifp.org
Date: 28 Nov 2006 19:34:18 -0000
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm 
_________________________________________
Security Advisory
_________________________________________
_________________________________________

  Severity: Medium
  Title: b2evolution XSS Vulnerability
  Date: 28.11.06
  Author: tarkus (tarkus (at) tiifp (dot) org)
  Web: https://tiifp.org/tarkus
  Vendor: b2evolution (http://b2evolution.net/)
  Affected Product(s): b2evolution 1.8.2 - 1.9 beta
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Description:
------------

http://<victim>/<b2epath>/inc/VIEW/errors/_404_not_found.page.php?bas \
eurl=[XSS]&app_name=[XSS]

http://<victim>/<b2epath>/inc/VIEW/errors/_410_stats_gone.page.php?ap \
p_name=[XSS]

http://<victim>/<b2epath>/inc/VIEW/errors/_referer_spam.page.php?ReqU \
RI=[XSS]&app_name=[XSS]



Workaround:
-----------

Put the following line at the beginning of the files.

if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page \
directly.' );



Timeline:
---------

Reported to Vendor:     10.11.06
Vendor response:        10.11.06
Patch in CVS:           10.11.06
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • b2evolution XSS Vulnerabilities, tarkus <=
Previous by Date:  Re: PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity, Mefisto
Next by Date:  [USN-387-1] Dovecot vulnerability, Kees Cook
Previous by Thread:  ProFTPD mod_tls pre-authentication buffer overflow, research
Next by Thread:  [USN-387-1] Dovecot vulnerability, Kees Cook
Indexes:  [Date] [Thread] [Top] [All Lists]