
XSS Vulnerability in BBCodeItem

As most of you should know, a part of the cookie is a lie challenge consists of sending a PM to Z which he will click.

Well, one user, namely hellsonic, managed to exploit the bbdecoder to automatize this task via XSS.

The flaw lay within the url parameter of the url tag, which was not sanitized.
The problem got fixed in SVN with changeset 2271.

Big thanks and congratulations to hellsonic for finding this flaw.
Also thanks to Z for reporting the flaw :)

Happy Challenging!
gizmore
The geeks shall inherit the properties and methods of object earth.
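For readers who want to see what "the url parameter of the url tag was not sanitized" means in practice, here is an added example (not WeChall's bbdecoder, and not the fix committed as changeset 2271). It is a small, hypothetical BBCode `[url]` renderer in two forms: the unsafe one copies the tag parameter straight into the `href` attribute, so a crafted parameter can break out of the attribute or smuggle a non-HTTP scheme; the hardened one allow-lists the scheme, rejects control characters and whitespace, and HTML-escapes whatever survives. The tag syntax, function names and sample inputs are all assumptions made for this example.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical BBCode [url] decoder written as an illustration for this thread.
# Two tag forms are supported: [url=https://example.com]text[/url] and
# [url]https://example.com[/url]. Names and behaviour are assumptions, not the
# real bbdecoder.
URL_TAG = re.compile(
    r"\[url(?:=(?P<href>[^\]]*))?\](?P<body>.*?)\[/url\]", re.DOTALL | re.IGNORECASE
)
ALLOWED_SCHEMES = {"http", "https"}


def render_url_unsafe(bbcode: str) -> str:
    """'Before' form: the parameter is interpolated into the attribute untouched.
    Kept only to contrast with the hardened renderer below."""
    def repl(m: re.Match) -> str:
        href = m.group("href") if m.group("href") is not None else m.group("body")
        return f'<a href="{href}">{html.escape(m.group("body"))}</a>'
    return URL_TAG.sub(repl, bbcode)


def safe_href(raw: str) -> Optional[str]:
    """Return the URL if it is an absolute http(s) URL with no control
    characters or whitespace, otherwise None (the link is dropped)."""
    candidate = raw.strip()
    # Reject ASCII control characters and embedded whitespace before parsing;
    # some parsers silently strip tabs/newlines, which would let a mangled
    # scheme slip past the allow-list check below.
    if any(ord(ch) < 0x20 or ch.isspace() for ch in candidate):
        return None
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate


def render_url_safe(bbcode: str) -> str:
    """Hardened form: allow-listed scheme, escaped attribute, escaped text.
    Invalid links are degraded to their plain text rather than rendered."""
    def repl(m: re.Match) -> str:
        body = m.group("body")
        raw_href = m.group("href") if m.group("href") is not None else body
        text = html.escape(body)
        href = safe_href(raw_href)
        if href is None:
            return text
        # html.escape quotes '"' and '&' so the value cannot close the attribute.
        return (
            f'<a href="{html.escape(href, quote=True)}" '
            f'rel="noopener noreferrer">{text}</a>'
        )
    return URL_TAG.sub(repl, bbcode)


if __name__ == "__main__":
    # Constructed sample messages, as a user might type them into a PM.
    samples = [
        '[url=https://example.com/?a=1&b="x"]site[/url]',
        "[url=javascript:alert(1)]click[/url]",
        '[url=" onmouseover="x]text[/url]',
        "[url]https://example.com/page[/url]",
    ]
    for s in samples:
        print("unsafe:", render_url_unsafe(s))
        print("safe:  ", render_url_safe(s))
```

The important design choice is the allow-list on the scheme: escaping alone stops the attribute from being closed early, but it does nothing against a `javascript:` or `data:` URL that is syntactically a perfectly valid attribute value. Checking the scheme before any parser has a chance to normalise the string is what closes that second hole.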