[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting
KAPDA New advisory
Vulnerable products : MYBB 1.x
Vendor: www.mybboard.net/
Risk: medium
Vulnerabilities: Cross_Site_Scripting
Discovered by Roozbeh Afrasiabi
www.persiax.com
Date :
--------------------
Found : Jan 21 2006
Vendor Contacted : N/A
Release Date : N/A
About :
--------------------
MyBB is a powerful, efficient and free forum package developed in PHP and
MySQL. MyBB has been designed with the end users in mind, you and your
subscribers. Full control over your discussion system is presented right at
the tip of your fingers, from multiple styles and themes to the ultimate
customisation of your forums using the template system.
Vulnerability:
--------------------
Cross_Site_Scripting (XSS,CSS):
MYBB is affected by a cross-site scripting vulnerability. This issue is due
to the failure of the application to properly sanitize user-supplied input.
As a result of this vulnerability, it is possible for a remote attacker to
create a malicious link containing script code that will be executed in the
browser of an unsuspecting user when followed.
Detail and PoC :
--------------------
1)
The application does not validate the "notepad" variable upon submission to the
usercp.php script via the POST method. The personal pad saves this data, which
is later displayed to the user (i.e. on visiting the personal pad page).
h**p://[target]/usercp.php?action=notepad
notepad=</textarea><script>alert(document.cookie)</script>
2)
This flaw exists because the application does not validate the "signature"
variable upon submission to the usercp.php script via the POST method.
h**p://[target]/usercp.php?action=editsig
signature=</textarea><script>alert(document.cookie)</script>
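
Both cases above are the same defect: a stored value is written back inside a <textarea> without output encoding. The following is an added example, not code from the advisory or from MyBB; the function names and form markup are hypothetical. It shows the vulnerable rendering pattern beside a hardened one, with a check usable as a regression test.

```php
<?php
// Added illustration: function names and form markup are hypothetical,
// not taken from MyBB's source.

// Vulnerable pattern: the stored value is written into the page verbatim, so
// a value starting with "</textarea>" closes the element and whatever follows
// is parsed as markup.
function render_notepad_unsafe(string $notepad): string
{
    return '<textarea name="notepad" rows="15" cols="80">' . $notepad . '</textarea>';
}

// Hardened pattern: encode at output time so the stored value can only ever
// be textarea text. ENT_QUOTES also covers reuse inside quoted attributes;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_notepad_safe(string $notepad): string
{
    $encoded = htmlspecialchars($notepad, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="notepad" rows="15" cols="80">' . $encoded . '</textarea>';
}

// Regression check on rendered output: the form must contain exactly one
// closing textarea tag (the template's own) and no script start tag.
function breaks_out_of_textarea(string $html): bool
{
    return substr_count(strtolower($html), '</textarea') !== 1
        || stripos($html, '<script') !== false;
}

// Value from the advisory's PoC, as it would be read back from storage.
$stored = '</textarea><script>alert(document.cookie)</script>';

foreach (['render_notepad_unsafe', 'render_notepad_safe'] as $render) {
    $html = $render($stored);
    printf("%-22s breaks out: %s\n", $render, breaks_out_of_textarea($html) ? 'yes' : 'no');
}
```

The same encoding applies to the "signature" value when it is written back into the editsig form.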
Solution :
--------------------
N/A
Original Advisory :
--------------------
http://kapda.ir/advisory-241.html
Credit :
--------------------
Discovered by Roozbeh Afrasiabi
roozbeh_afrasiabi[at]yahoo.com
black_death[at]kapda.ir
www.persiax.com