Joined: Apr 2001
Posts: 73
Member
Here you go Chuck, what can you do about this?

Jun, 18 2001 - 16:10
contributed by: hx
Summary
This advisory shows how almost any script that uses cookie session/login data to validate CGI forms can be exploited if the users can post images.


Details
Known vulnerable:
* Ultimate Bulletin Board™ version 6.04e (and prior)
* ezboard 6.2, WWW Threads PHP 5.4
* vBulletin 2.0.0 Release Candidate 2 and before (later versions are safe)

Immune systems:
* Ultimate Bulletin Board™ version 6.04f

Allowing users to post inline images is potentially a bad thing. Having the user authentication based solely on cookies is another potentially bad thing. When you put them together, it gets a whole lot worse. We will explain this problem with reference to a typical forum system, but naturally, it can be extended to almost any other CGI script, not just limited to PHP scripts.

What is the problem? Well, by using an [img] (or HTML or