vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Programming Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=188)
-   -   Template Headinclude XSS Bug Internet Explorer (https://vborg.vbsupport.ru/showthread.php?t=83480)

DR?@M W?@V?R 06-20-2005 10:00 PM
Template Headinclude XSS Bug Internet Explorer
 
Taken from vbulletin.com, should be noted when makeing new templates or updateing old ones.

http://www.vbulletin.com/forum/showthread.php?t=143261

In order to work around an XSS bug in Internet Explorer, wherever a page contains <title> tags, the <title> has been moved below the $headinclude section.

For Example

Quote:
<head>
<title>$vboptions[bbtitle]</title>
$headinclude
</head>
Becomes

Quote:
<head>
$headinclude
<title>$vboptions[bbtitle]</title>
</head>

Revan 06-21-2005 01:23 PM
[high]* Revan has already updated templates for RPG for vB 3.5 with this change :)[/high]

Link14716 06-24-2005 05:58 PM
Also taken from vB.com, a way to use template find/replace to solve the problem. ;)

http://www.vbulletin.com/forum/showthread.php?t=143320

akanevsky 06-24-2005 08:50 PM
Umm.. What's the difference whether the title tag is above the insert or below the insert? I can't think of a situation where this would be of any importance. Thanks.

Link14716 06-24-2005 11:41 PM
Quote:
Originally Posted by Dark Visor
Umm.. What's the difference whether the title tag is above the insert or below the insert? I can't think of a situation where this would be of any importance. Thanks.
Obviously it is an importance in IE because of some bug.

akanevsky 06-25-2005 12:52 AM
So IE won't read the title tag if it is not the first one within the head tag?

Link14716 06-25-2005 01:22 AM
That's not the bug. It's an XSS bug.

http://en.wikipedia.org/wiki/XSS

akanevsky 10-10-2005 09:42 PM
Since this is not a How-To, I believe this should be moved.
Or even deleted since it is outdated (fixed in 3.5 gold)

Andreas 10-10-2005 09:44 PM
Quote:
Originally Posted by Dark Visor
Since this is not a How-To, I believe this should be moved.
Or even deleted since it is outdated (fixed in 3.5 gold)
It's in the right place and won't be moved or deleted as it is important information for Hack authors. :)

akanevsky 10-10-2005 10:37 PM
Quote:
It's in the right place and won't be moved or deleted as it is important information for Hack authors.
I thought How-To was for instructions on how to make hacks...
This is kind of a bug report. I think this should be on vbulletin.com rather than here. :)

Jenta 10-10-2005 11:22 PM
this is a how to for hacks
it tells hack authors proper placement of titles in their hacks

thincom2000 04-04-2009 06:10 AM
I'm confused. Is the XSS caused by <title> being the first element in the <head> tag, or is it caused because <script> tags are placed after it in the <head> tag. Is this simply a browser quirk or is it because your $headinclude or intended <script> might be untrustworthy?

As you can see the problem of not fully explaining the attack points, while preventing people from having the knowledge to execute attacks, also prevents coders from being able to prevent them because they don't have all the information, and get ideas such as "I guess I can't place ANY code after the <title> tags but before the </head> tag in ANY web page (not just vB pages)."


All times are GMT. The time now is 12:32 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01192 seconds
  • Memory Usage 1,730KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (12)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete