ibProArcade Cross Site Scripting Vulnerability/Exploit
by Awakeni
Version: Unknown
Released: 05-29-2007 Last Update: Never Installs: 0
No support by the author.

Your version of the arcade module for vBulletin has a Cross Site Scripting (XSS) vulnerability. The "comment" field on the scoreboard does not properly filter HTML code, and allows users to inject arbitrary (and potentially malicious) JavaScript and HTML code into the field.

Combined with the fact that the scoring system has little verification, people could post ridiculous scores that have JavaScript that redirects to phishing sites, cookie stealers, keyloggers, etc.

I would suggest you release a patch ASAP (a very minor code change would be required).

A malicious user can really do a lot of damage with such a security flaw.

Comments
#2
05-29-2007, 08:01 PM
MrZeropage
Join Date: Nov 2003
Location: Munich, Germany
Posts: 3,012

By using the actual release (v2.6.1+) there is no XSS vulnerability.

I don't know which version you use, and anyway you should provide such information via PM first and not explain details about security issues in the future.

Scores are secured against cheating by using new v32 and v33 games which detect such attempts at changing scores etc.

#3
05-29-2007, 08:12 PM
Awakeni
Join Date: Apr 2007
Posts: 7

Not true. A user just did an XSS injection on my arcade and we use the latest version. He put a YouTube video in a comment field. And there are ways to prevent all games from being so easily tampered with. It would be great if you could come up with a patch ASAP.

www.nihilum.eu

#4
05-29-2007, 08:35 PM
DementedMindz
Join Date: Jan 2006
Posts: 1,474

Well, if you know ways to prevent them from being tampered with, why don't you post a fix?

#5
05-29-2007, 09:49 PM
Stifmeister2
Join Date: Feb 2006
Location: Finland
Posts: 755

Yes, please send MrZeropage a PM and explain how they can be prevented.

#6
05-29-2007, 11:21 PM
Awakeni
Join Date: Apr 2007
Posts: 7

I'm a busy man. But I felt it was a must to at least post about it. Trust me, if I had the time I would look into it more. Here's hoping for a patch.

#7
05-30-2007, 10:24 AM
MrZeropage
Join Date: Nov 2003
Location: Munich, Germany
Posts: 3,012

Checked the code and in v2.6.1+ the comment is sanitized, but will verify this again and talk to Awakeni.

#8
05-30-2007, 09:17 PM
MrZeropage
Join Date: Nov 2003
Location: Munich, Germany
Posts: 3,012

The arcade itself is secure; comments are working fine.

Arcade ModCP has a little problem with editing comments; this is fixed now for v2.6.2+.
Until release of this, make sure to provide access to your arcade's ModCP only to people you trust! (which you should do anyway)
Reply With Quote
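
An added example, not part of the thread and not ibProArcade's or vBulletin's own code: the thread places the problem in the scoreboard comment field and later in the ModCP comment-edit path, so this sketch encodes the comment at render time (covering every write path) and audits stored rows for markup. The function names, row layout and sample comments are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not ibProArcade or vBulletin functions.

// Vulnerable rendering: the stored comment is trusted because it was
// "filtered on submit", so a row written by any other path reaches the page raw.
function render_comment_unsafe(array $row): string
{
    return '<td class="comment">' . $row['comment'] . '</td>';
}

// Hardened rendering: encode at output, so markup in the stored value stays
// inert no matter which code path (player submit, moderator edit) wrote it.
function render_comment_safe(array $row): string
{
    $text = htmlspecialchars($row['comment'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="comment">' . $text . '</td>';
}

// Audit: return stored rows whose comment looks like markup, to find entries
// that were injected before the rendering fix went in.
function find_suspect_comments(array $rows): array
{
    return array_values(array_filter($rows, static function (array $row): bool {
        return preg_match('~<[a-z/!]|\bon[a-z]+\s*=|javascript:~i', $row['comment']) === 1;
    }));
}

// Constructed sample rows: an ordinary comment and one carrying an embed tag,
// mirroring the embedded-video report in the thread.
$rows = [
    ['user' => 'player1', 'comment' => 'gg, close one'],
    ['user' => 'player2', 'comment' => '<embed src="https://example.invalid/v">'],
];

foreach ($rows as $row) {
    echo 'unsafe: ', render_comment_unsafe($row), "\n";
    echo 'safe:   ', render_comment_safe($row), "\n";
}

foreach (find_suspect_comments($rows) as $row) {
    echo 'review stored comment from ', $row['user'], "\n";
}
```

The audit pattern is a triage heuristic for finding rows to review, not a filter; the output encoding is what keeps the stored text from being interpreted as HTML.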