Дополнительная информация

Очередные ошибки в Web-приложениях (PHP, ASP, CGI, Perl...)

Portcullis Security Advisory - Movable Type

Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability

[Full-disclosure] Invision Power Board Privilege Escalation (2.0.1 + more)

[SA17410] phpWebThings "forum" SQL Injection Vulnerability

From:	SECUNIA <support_(at)_secunia.com>
Date:	4 ноября 2005 г.
Subject:	[SA17359] vBulletin Image Script Insertion Vulnerability

TITLE:
vBulletin Image Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA17359

VERIFY ADVISORY:
http://secunia.com/advisories/17359/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting

WHERE:
>From remote

SOFTWARE:
vBulletin 3.x
http://secunia.com/product/3212/
vBulletin 2.x
http://secunia.com/product/538/

DESCRIPTION:
Tatercrispies has reported a vulnerability in vBulletin, which can be
exploited by malicious people to conduct script insertion attacks.

The vulnerability is caused due to an input validation error in the
image upload handling. This can exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site by uploading a specially crafted valid image containing embedded
HTML and script code.

This is related to:
SA17295

Successful exploitation requires that the malicious image is accessed
directly in the Microsoft Internet Explorer browser (i.e. not
referenced via an image tag).

It has also been reported by the vendor that certain input isn't
properly verified due to a vulnerability in PHP.

For more information:
SA17371

The vulnerability has been reported in versions 3.5.0, 3.0.6 through
3.0.9, and 2.3.4 through 2.3.7. Prior versions may also be affected.

SOLUTION:
Update to version 3.5.1, 3.0.10, or 2.3.8, or apply patch.
http://www.vbulletin.com/forum/showthread.php?t=161721

PROVIDED AND/OR DISCOVERED BY:
Tatercrispies

OTHER REFERENCES:
SA17295:
http://secunia.com/advisories/17295/

SA17371:
http://secunia.com/advisories/17371/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.