26th Sep 2002 [SBWID-5409]
COMMAND
XMB Forum Cross Site Scripting security hole
SYSTEMS AFFECTED
Probably all versions
PROBLEM
val2 [valdeux@aol.com] found a cross-site scripting (CSS) vulnerability
in XMB Forum. When you visit any board, for example
http://www.xmbforum.com/community/forumdisplay.php?fid=XX
the page offers, among other things, a "new topic" function, so it
contains this HTML code:
<a href="post.php?action=newthread&fid=XX">
If XX is replaced by ">, the href attribute and the link tag are closed
early, and anything can be written after them, including malicious
JavaScript code.
EXAMPLE (harmless):
http://www.xmbforum.com/community/forumdisplay.php?fid=21"><script>alert(document.cookie)</script>
===> displays the cookie
A hacker could set up his own http://www.blahblah.com/sk/save_cookie.php
and redirect the user to it in order to capture the cookie.
So anybody could obtain the cookie (and maybe the password) of any
unwary user.
SOLUTION
Nothing yet.
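The flaw described under PROBLEM is a request parameter copied into an HTML attribute without validation or output encoding. The sketch below is an added example, not XMB's code and not a vendor fix; the function names and the assumption that fid is always a decimal forum id are hypothetical.

```php
<?php
// Added illustration; not XMB source code. Function names are hypothetical.

// Vulnerable pattern: the raw fid query value is copied into the attribute,
// so a double quote in the value ends the href and the rest is parsed as markup.
function render_link_vulnerable(string $fid): string
{
    return '<a href="post.php?action=newthread&fid=' . $fid . '">new topic</a>';
}

// Hardened pattern: accept only a short decimal forum id (assumption: ids are
// numeric), then HTML-encode the attribute value on output as a second layer.
function render_link_hardened(string $fid): ?string
{
    if ($fid === '' || !ctype_digit($fid) || strlen($fid) > 9) {
        return null; // caller should answer with an error page instead
    }
    $href = 'post.php?action=newthread&fid=' . (int) $fid;
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">new topic</a>';
}

// Constructed inputs: a normal id and the value from the advisory's example URL.
$samples = ['21', '21"><script>alert(document.cookie)</script>'];

foreach ($samples as $fid) {
    echo "fid = $fid\n";
    echo "  vulnerable: " . render_link_vulnerable($fid) . "\n";
    $safe = render_link_hardened($fid);
    echo "  hardened:   " . ($safe ?? '[rejected: fid is not numeric]') . "\n";
    // Encoding alone, for values that must be echoed back (e.g. in an error message):
    echo "  encoded:    " . htmlspecialchars($fid, ENT_QUOTES, 'UTF-8') . "\n";
}
```

Run from the command line, the second sample shows the script tag intact in the vulnerable output, rejected by the hardened function, and rendered inert as &quot;&gt;&lt;script&gt; text when only encoded.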