Html Injection in vBulletin 3.5.2

Descrizione

The software does not properly filter HTML tags in the title of events before being passed to user in ‘calendar.php’&’reminder.php AS include’. that may allow a remote user to inject HTML/javascript codes to events of calendar. The hostile code may be rendered in the web browser of the victim user who will Request Reminder for those Events (persistent).
For example an attacker creates new event (Single-All Day Event , Ranged Event OR Recurring Event)with this content:

Maggiori informazioni

Soluzione:

Attentere una nuova versione/patch

Share this on Facebook
Tweet This!
Share this on del.icio.us
Share this on FriendFeed
Subscribe to the comments for this post?

Post correlati:

Adobe – Flash e PDF 0days on the wild
Ghost Busters: Zero-day flaw haunts Internet Explorer
Oggi ho proprio voglia di … Clickjacking
Windows 7 crackato ed attivato a tempo di record
Aggiungere le SLIC table (SLP 2.0) in un ACPI BIOS OEM

Tagged as: hacking, sicurezza, vulnerability

Became Fan

Ciò che leggo

Pages

Blogroll

Google Friends

Translate

Recent Comments

Security Bulletting

Archivio

Html Injection in vBulletin 3.5.2

Became Fan

Tags

Ciò che leggo

Pages

Blogroll

Google Friends

Translate

Recent Comments

Security Bulletting

Archivio