exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

pyForum 1.0.3 XSS / XSRF

pyForum 1.0.3 XSS / XSRF
Posted Dec 15, 2009
Authored by Nam Nguyen | Site bluemoon.com.vn

pyForum version 1.0.3 suffers from cross site scripting and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 73b24a6183e043a15a27f30db6601bc79574df6fd6831a1c33404044a920c174

pyForum 1.0.3 XSS / XSRF

Change Mirror Download
BLUE MOON SECURITY ADVISORY 2009-08
===================================


:Title: Multiple Vulnerabilities in PyForum
:Severity: Critical
:Reporter: Hoang Quoc Thinh and Blue Moon Consulting
:Products: PyForum v1.0.3
:Fixed in: --


Description
-----------

PyForum is a 100% python-based message board system based in the excellent web2py framework.

We have discovered cross site scripting and cross site request forgery vulnerabilities in PyForum. The first allows arbitrary script to run when a post is viewed. The second allows attackers to submit forms (such as changing password) automatically without user's knowledge.

XSS vulnerability lies in the BBcode parsing in module ``models.parser``. The ``img`` and ``url`` tags do not sanitize inputs and hence are susceptible to script injection.

CSRF vulnerability lies in the design of this web application. Forms do not have secure cookies and may be automatically submitted on behalf of the user.

These bugs are rated at critical because they can be easily exploited and cause lost of integrity.

These bugs may exist in older versions and in zForum, from which pyForum derives, too.

Workaround
----------

There is no workaround.

Fix
---

There is no fix at the moment.

Disclosure
----------

Blue Moon Consulting adapts `RFPolicy v2.0 <http://www.wiretrip.net/rfp/policy.html>`_ in notifying vendors.

:Initial vendor contact:

December 05, 2009: Notice sent to Julio Flores Schwarzbeck (techfuel.net)

December 09, 2009: Reminder sent to Julio Flores Schwarzbeck

:Vendor response:

--

:Further communication:

--

:Public disclosure: December 15, 2009

:Exploit code:

No exploit code required.

Disclaimer
----------

The information provided in this advisory is provided "as is" without warranty of any kind. Blue Moon Consulting Co., Ltd disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Your use of the information on the advisory or materials linked from the advisory is at your own risk. Blue Moon Consulting Co., Ltd reserves the right to change or update this notice at any time.
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close