[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ChipmunkBlogger improper input sanitizing

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ChipmunkBlogger improper input sanitizing
From: zerogue@xxxxxxxxx
Date: 6 May 2006 12:54:16 -0000

ChipmunkBlogger improper input sanitizing

Discovered by: Nomenumbra
Date: 6/4/2006
impact:moderate (privilege escalation,possible defacement)

Posts (potentially made by lower-privilege members) and profile names aren't 
properly sanitized, thus resulting
in being vulnerable to the following kind of XSS injection:

<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

The photo gallery input isn't sanitized either, by giving the following
input as an url we have a nice XSS attack:

javascript:alert(%27xss%27)


Nomenumbra/[0x4F4C]

Prev by Date: JetBox CMS Remote File Include
Next by Date: ChipmunkBoard Multiple Attack vectors
Previous by thread: JetBox CMS Remote File Include
Next by thread: ChipmunkBoard Multiple Attack vectors
Index(es):
- Date
- Thread