[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

There is a Permanent-type Cross-Site Vulnerability in “Personal Signature” in all version of Discuz!. It can be written by the worm!

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: There is a Permanent-type Cross-Site Vulnerability in “Personal Signature” in all version of Discuz!. It can be written by the worm!
From: lis cker <liscker@xxxxxxxxxxx>
Date: Thu, 25 Mar 2010 05:58:56 -0700

There is a Permanent-type Cross-Site Vulnerability in “Personal Signature” in 
all version of Discuz!. It can be written by the worm!
 
 
Discuz! do not filter the Malicious code when user enter their personal 
signature, attacker can enter the xss code, Discuz! will save and run it! It 
maybe lead the propagation of worm!
 
 
 

For example:
 
we can register an user, and enter the xss code to our personal signature! 
 
like:
</textarea><script>alert(/Liscker/);</script><textarea>
 
 
 
Vulnerable:  Discuz! <=7.2    all version!
 
 
 
 
Liscker
2010.03.24

Prev by Date: Ruxcon 2010 Call For Papers
Next by Date: Multiple Vulnerabilities in EASY Enterprise DMS
Previous by thread: Ruxcon 2010 Call For Papers
Next by thread: Multiple Vulnerabilities in EASY Enterprise DMS
Index(es):
- Date
- Thread