
Security Advisory: BiTBOARD xss
Advisory Information
--------------------
Advisory name           :  BiTBOARD XSS
Discovered by           :  drhankey / it-security23.net
Vendor Name             :  the bitshifters sdc
Vendor Homepage         :  http://www.bitshifters.net
Software                :  Bitboard
Vulnerability Type      :  Cross-Site-Scripting
Vulnerable Versions     :  2.5 and prior
Platforms               :  OS Independent, PHP


What is Bitshifters Bitboard?
----------------------------------
Woltlab Burning Board Lite is a free message board using plain text files as 
database.


Vulnerability Description:
-------------------------
It's possible to inject JavaScript by abusing the [img] BBCode tag used in the 
posting system: the image path is copied into an HTML attribute without escaping, 
so a single quote in it closes the attribute and whatever follows is parsed as 
further attributes (for example an event handler).

Proof of Concept:
-----------------
[img]path/to/some/image' onMouseover='alert("hehehe... insecure");[/img]
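As an added example (not the vendor's code), the kind of naive [img] BBCode renderer this advisory describes is shown next to a hardened version, both run over the advisory's own payload; the function names and the hardened approach are assumptions, not BiTBOARD's actual implementation.

```python
import re
from html import escape
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

# Constructed from the advisory's proof of concept: the single quote closes
# the src attribute and the remainder becomes a new event-handler attribute.
POC_POST = "[img]path/to/some/image' onMouseover='alert(\"hehehe... insecure\");[/img]"


def render_img_unsafe(post: str) -> str:
    """Naive renderer: copies the tag body straight into the attribute.
    This reproduces the flaw the advisory describes (assumed, not vendor code)."""
    return IMG_TAG.sub(lambda m: "<img src='%s'>" % m.group(1), post)


def is_safe_image_url(url: str) -> bool:
    """Accept only http(s) URLs or plain relative paths, and reject quotes,
    angle brackets, whitespace and control characters outright."""
    if any(ch in url for ch in "'\"<>") or any(ord(ch) < 0x21 for ch in url):
        return False
    return urlsplit(url).scheme in ("", "http", "https")


def render_img_safe(post: str) -> str:
    """Hardened renderer: validate the URL, HTML-escape it (quotes included) and
    place it in a double-quoted attribute; all text outside tags is escaped too."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(post):
        out.append(escape(post[pos:m.start()], quote=True))
        url = m.group(1).strip()
        if is_safe_image_url(url):
            out.append('<img src="%s" alt="">' % escape(url, quote=True))
        else:
            # Refuse to render the tag; show the literal BBCode, escaped, instead.
            out.append(escape(m.group(0), quote=True))
        pos = m.end()
    out.append(escape(post[pos:], quote=True))
    return "".join(out)


if __name__ == "__main__":
    print("unsafe:", render_img_unsafe(POC_POST))
    print("safe:  ", render_img_safe(POC_POST))
```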