
nssboard - HTML Injection Vuln
HTML Injection Vuln in nssboard



Nssboard, formerly Simple PHP forum, is vulnerable to HTML injection, including scripts (possible XSS), in two ways:
1. If BBcode is disabled, HTML tags are no longer stripped, allowing XSS attacks, etc.

2. Profile information (user, email, Real Name) is not filtered. For example a user could use something like " " as a Real name and the script would execute every time someone views that user's profile or the members page.

However, the number of characters allowed in Real name is limited, so it's unlikely too much damage could be done.

If XSS is allowed, it could allow for Session Hijacking.

I found this bug using version 6.1 of NSSboard (the latest as of this writing), and it's likely that all earlier versions are also affected, but I didn't test them. I am using Debian Linux and lighttpd to host it.

The fix would be to make sure HTML tags are filtered regardless of BBcode being enabled, and to filter user profile input data.
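
A sketch of that fix, added here as an illustration and not taken from nssboard's code: output is HTML-encoded unconditionally, and BBcode, when enabled, is applied on top of the already-encoded text. The helper names (`h`, `render_post`, `render_profile`), the two-tag BBcode subset and the sample inputs are assumptions made for the example.

```php
<?php
// Added example: hypothetical helpers, not nssboard's own functions.

// Encode a value for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render a post body. Encoding happens first and does not depend on the
// BBcode setting; BBcode only adds markup around already-encoded text.
function render_post(string $raw, bool $bbcodeEnabled): string
{
    $safe = h($raw);
    if ($bbcodeEnabled) {
        // Minimal BBcode subset for illustration: [b] and [i] only.
        $safe = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $safe);
        $safe = preg_replace('#\[i\](.*?)\[/i\]#is', '<em>$1</em>', $safe);
    }
    return nl2br($safe);
}

// Render one row of the members page: every user-supplied profile
// field (user, Real Name, email) is encoded at output time.
function render_profile(array $p): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
        h($p['user']), h($p['realname']), h($p['email'])
    );
}

// Constructed sample input (not from the advisory).
$post = "[b]hi[/b] <script>alert(1)</script>";
$profile = [
    'user'     => 'alice',
    'realname' => '"><script>alert(1)</script>',
    'email'    => 'alice@example.org',
];

echo render_post($post, false), "\n"; // BBcode off: tags still encoded
echo render_post($post, true), "\n";  // BBcode on: only [b]/[i] become markup
echo render_profile($profile), "\n";  // profile fields shown as inert text
```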

If you are using this software, I would recommend having BBcode enabled even if you don't need it.

Credit: Me (Casey Fitzpatrick) aka: kcghost, kcblah
