The fix listed below is functional, but the vendor of this product has released a much better version posted at http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660

Please use the above version, as it uses the replace function properly (I was in a hurry), takes care of more characters, and is the vendor approved patch.

I am -=not=- the vendor for this product, I just think it's an excellent application, and have used it a great deal. (The fact that it's free is like a total bonus ;) ) The website for this application can be found at http://www.snitz.com or http://forum.snitz.com (Forum site).

I posted the fix because I wanted administrators to be able to resolve this problem as quickly as possible. :)

Josh

-=-=-=FORWARDED MESSAGE

>'##### Quick Bug fix for Javascript in [img] tags - Joshua Hiller 02.27.02 #####
> strUrlText = replace(LCase(strUrlText),"javascript", "")
>'##### End Quick Bug fix for Javascript in [img] tags - Joshua Hiller 02.27.02 #####
>
> "Justin" <jwgolihew@cs.millersville.edu>
> To: <bugtraq@securityfocus.org>
> cc:
> Subject: RE: Open Bulletin Board javascript bug.
> 02/26/02 06:05 PM
>
>Snitz Forums 2000, another free bulletin board software is also vulnerable.
>
>-----Original Message-----
>From: godminus [mailto:godminus@owns.com]
>Sent: Tuesday, February 26, 2002 1:24 PM
>To: bugtraq@securityfocus.org
>Subject: Re: Open Bulletin Board javascript bug.
>
>> OpenBB is free php-based forum.
>>
>> Exploit:
>> [img]javasCript:alert('Hello world.')[/img]
>>
>> Vulnerable systems:
>> All versions of Open Bulletin Board including
>> v.1.0.0
>>
>> Immune systems:
>> None
>>
>> Solution:
>> All url's in [img] tags should start
>> with "http://"
>>
>> Yurij Rumiantsev
>
>Ikonboard version 3.0.1 is vulnerable for the same bug
>
> -- godminus
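The "Solution" quoted above (every URL in an [img] tag must start with "http://") can be enforced as an allowlist when the tag is rendered, rather than by stripping a keyword. The sketch below is an added example, not part of the original thread and not the Snitz or OpenBB patch. The function names are hypothetical, accepting "https://" as well is an assumption beyond the advisory, and the example.com URLs are constructed sample input.

```javascript
// Added example: render [img] tags through a scheme allowlist.
// All function names here are hypothetical, not taken from any forum package.

// Escape text for use in HTML body text or a double-quoted attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only URLs that begin with http:// (https:// is an added assumption),
// compared case-insensitively, with no whitespace, control characters,
// quotes or angle brackets anywhere in the value.
function isAllowedImgUrl(url) {
  return /^https?:\/\/[^\s\x00-\x1f"'<>]+$/i.test(url);
}

// Convert [img]url[/img] to <img> only when the URL passes the allowlist.
// Rejected tags and all surrounding text are emitted as inert, escaped text.
function renderImgTags(post) {
  const tag = /\[img\]([\s\S]*?)\[\/img\]/gi;
  let out = '';
  let last = 0;
  for (const m of post.matchAll(tag)) {
    out += escapeHtml(post.slice(last, m.index));
    const url = m[1].trim();
    out += isAllowedImgUrl(url)
      ? `<img src="${escapeHtml(url)}" alt="">`
      : escapeHtml(m[0]); // rejected: show the raw tag as plain text
    last = m.index + m[0].length;
  }
  return out + escapeHtml(post.slice(last));
}
```

Because the check names what is allowed instead of what is forbidden, the mixed-case string from the advisory is rejected without any case folding of the stored URL.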