#########################################
Work board input validation error in
task_id variable and proyect_id variable
let´s remote users to make XSS attacks
vendor: http://www.burnwave.com/modules.php? name=
Archives&op=info&did=15
Developer: Michael Squires
vendor notified: yes(msn conversation) xploit include: yes
original advisore:http://lostmon.blogspot.com/2004/12
/workboard-input-validation-error-in.html
OSVDB ID:12504
secunia:SA13574
##########################################
WorkBoard is a project/task manager used for primarily for software development
(in this case, PHP... but it can be used for non-software projects).
this script have two imput validation erros and a remote user can conduct
Cross-site scripting attacks (XSS)the flaw was on 'project_id' variable
http://[target]/modules.php?name=WorkBoard&file=
project&project_id=3[XSS_code]
http://[target]/modules.php?name=WorkBoard&file=project&project_id=
2%3Cbody%3E%3Cp%3E%3Ch1%3EWorkboard+XSS%20Pow@!!+%21%21%21+
lostmon+was+here+%3AD%3C/h1%3Eand the same flaw afected 'task_id' variable
http://[target]/modules.php?name=Work_Board&op=
Task&task_id=7[XSS_code]
http://[target]/modules.php?name=Work_Board&op=
Task&task_id=5%3Cbody%3E%3Cp%3E%3Ch1%3EWorkboard+
XSS%20Pow@!!+%21%21%21+lostmon+was+here+%3AD%3C/h1%3E
i`m speaking whith the developer by msn conversation....
but he is no interesed to fix it ????
:///atentamente
Lostmon (lostmon@gmail.com)thnx to estrella to be my ligth
thnx to all who belibed in me
--
La curiosidad es lo que hace mover la mente.=============================================
conversation whith the developer by MSN==================================================
No interest to fix ??? :O
X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com
...\\----X dice:
hello !
Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! dice:
Yes?
X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com
...\\----X dice:
helo you are the developer of
X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com
...\\----X dice:
workboard ?
Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! dice:
yes, I am.
X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com
...\\----X dice:
okis i have found 2 poible faws
X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com
...\\----X dice:
in your work
X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com
...\\----X dice:
in 2 variables
Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! dice:
unfortunately I do NOT support my free scripts
Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! dice:
thanks for reading
Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! dice:
if you want an updated version of workboard, go to nukescripts.net.
Burnwave Ltd || Oh no! I forgot my voicemail passcode. Thanks IBM Help! dice:
thanks
X---//...Lostmon...Bug on Froogle php script ---> http://lostmon.blogspot.com
...\\----X dice:
no like toi see ?
No se pudo entregar el mensaje siguiente a todos los destinatarios:
no like toi see ?
--
la curiosidad es lo que hace mover la mente
for variable proyect_id
search: $project_id = intval($project_id);
change for:
case "Project":
$project_id = intval($project_id);
$pagetitle = ": "._MODULE_PROJECT_TITLE."$project_id";
for variable task_id
search: $task_id = intval($task_id);
change for:
case "task":
$task_id = intval($task_id);
$pagetitle = ": "._MODULE_PROJECT_TITLE."$task_id";
Bug found : Lostmon (lostmon@gmail.com)
FIX by Lmc , by suko http://spanishwebmaster.com
Atentamente
Lostmon (lostmon@gmail.com)
thnx to Suko & Lmc
Posts
