hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
qcred11
May 29 2004, 09:20 PM
QUOTE


About Product

=============

LDU is a php/mysql website engine.

Description

===========

A cross site scripting vulnerability exist in the BBcodes of the LDU forum.

When you add a image to your message on the forum, the script doesn't check if it is
javascript.

I will give the following proof of concept:

img
javascript:alert(document.cookie);
/img

With this vuln, you are able to become any user who uses a browser that
"supports" xss (like IE), so it is possible to become admin.

Further there also lies a browser independed problem, cause if you post this message:

img
http://www.thesitewithLDU.com/auth.php?m=logout
/img


everyone who reads the topic, will logout.

Solution
========

I e-mailed the LDU developers and the bug was fixed the same day i notified them.


Update to the newest version of LDU 700.

Update link: http://ldu.neocrome.net/page.php?id=1357


Credits

=======


crypt0 of www.cyber-war.org (timdegier@home.nl)

ComSec
May 30 2004, 01:01 AM
were was this vuln originally posted ?

bugtaq ?
secunia?
securitytracker ?

can you please give out WERE it came from.., some of us like to do further research.

cheers
qcred11
May 30 2004, 03:49 AM
Sure, chief.
Here is the link:
http://seclists.org/lists/bugtraq/2004/May/0312.html
ComSec
May 30 2004, 11:38 AM
thanks... be gratefull if you include the site's in future saves the hassle of rooting them out ... regards
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.