
| Subject: | [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting |
|---|---|
| Date: | 24 Jan 2006 18:50:12 -0000 |
[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting

KAPDA New advisory

Vulnerable products : MYBB 1.x
Vendor: www.mybboard.net/
Risk: medium
Vulnerabilities: Cross_Site_Scripting

Discovered by Roozbeh Afrasiabi
www.persiax.com

Date :
--------------------
Found : Jan 21 2006
Vendor Contacted : N/A
Release Date : N/A

About :
--------------------
MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. MyBB has been designed with the end users in mind, you and your subscribers. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles and themes to the ultimate customisation of your forums using the template system.

Vulnerability:
--------------------
Cross_Site_Scripting (XSS,CSS):
MYBB is affected by a cross-site scripting vulnerability. This issue is due to the failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.

Detail and PoC :
--------------------
1) The application does not validate the "notepad" variable upon submission to the usercp.php script via the POST method. The personal pad would save this data which would later be displayed to the user (i.e. on visiting the personal pad page).

    h**p://[target]/usercp.php?action=notepad
    notepad=</textarea><script>alert(document.cookie)</script>

2) This flaw exists because the application does not validate the "signature" variable upon submission to the usercp.php script via the POST method.

    h**p://[target]/usercp.php?action=editsig
    signature=</textarea><script>alert(document.cookie)</script>

Solution :
--------------------
N/A

Original Advisory :
--------------------
http://kapda.ir/advisory-241.html

Credit :
--------------------
Discovered by Roozbeh Afrasiabi
roozbeh_afrasiabi[at]yahoo.com
black_death[at]kapda.ir
www.persiax.com
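The advisory lists no solution. As an added illustration, not part of the original advisory and not MyBB's own code, the following PHP shows the output-encoding pattern that prevents a stored value from closing a `<textarea>` early; the same encoding applies to the signature field in item 2. The function names and the form markup are hypothetical, and the sample value is the string from the advisory's PoC.

```php
<?php
// Added illustration; not MyBB source. All function names are hypothetical.

// Constructed sample: the PoC value from the advisory as it would sit in storage.
$stored = '</textarea><script>alert(document.cookie)</script>';

// Vulnerable pattern: the stored value is echoed verbatim into the textarea body,
// so a literal "</textarea>" in the data ends the element and what follows is parsed as markup.
function render_notepad_unsafe(string $value): string
{
    return '<textarea name="notepad" rows="10" cols="60">' . $value . '</textarea>';
}

// Hardened pattern: encode for the HTML context at output time.
// The stored data is left unchanged, so the user still sees exactly what was typed.
function render_notepad_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="notepad" rows="10" cols="60">' . $encoded . '</textarea>';
}

// Regression check: in a correctly encoded field the first "</textarea" is the
// template's own closing tag at the very end of the rendered string.
function escapes_textarea(string $html): bool
{
    $body = substr($html, strpos($html, '>') + 1);   // text after the opening tag
    $firstClose = stripos($body, '</textarea');
    return $firstClose !== strlen($body) - strlen('</textarea>');
}

$rendered = [
    'unsafe' => render_notepad_unsafe($stored),
    'safe'   => render_notepad_safe($stored),
];

foreach ($rendered as $label => $html) {
    printf("%-6s escapes_textarea=%s\n%s\n\n",
        $label, var_export(escapes_textarea($html), true), $html);
}
```

Run from the command line, the unsafe rendering reports `escapes_textarea=true` and the safe rendering reports `false`, with the angle brackets of the stored value emitted as `&lt;` and `&gt;`.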