COMMAND

    WebBoard

SYSTEMS AFFECTED

    O'Reilly WebBoard 4.10.30

PROBLEM

    Helmuth Antholzer found following.  He found following problem  in
    the WebBoard. The Board has a paging function.  User A can send  a
    message to user B.  User B gets a javascript popup (produced  with
    alert()) with the message from user  A.  The problem is that  user
    A  can  close  the  alert()  function  and  so  he can execute his
    javascript code on user B's machine.

    Example of a message wich executes my code:

        \');for(i=0;i<100000;i++) alert("not nice"); //

    There is a function that escapes the ' but if we escape it will be
    escaped a  second time  ... the  effect is  that then  the \  will
    escaped and the  alert is closed.   So after that  we can put  our
    code!

    // (comment) this  comment is needed  becaus there is  still a ');
    from the alert, with the help of the commen this will not  produce
    an error.

SOLUTION

    Nothing yet.