ID YABB_USERSRECENTPOSTS_XSS.NASL Type nessus Reporter Tenable Modified 2018-09-10T00:00:00
Description
The installed version of YaBB (Yet Another Bulletin Board) on the remote host suffers from a remote cross-site scripting flaw due to its failure to properly sanitize input passed via the 'username' parameter and used as part of the 'usersrecentposts' action. By exploiting this flaw, a remote attacker can cause arbitrary code to be executed in a user's browser in the context of the affected website, resulting in the theft of authentication data or other such attacks.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description) {
script_id(17305);
script_version("1.19");
script_cve_id("CVE-2005-0741", "CVE-2005-0785");
script_bugtraq_id(12756);
script_name(english:"YaBB YaBB.pl usersrecentposts Action username Parameter XSS");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI application that is prone to
cross-site scripting attacks." );
script_set_attribute(attribute:"description", value:
"The installed version of YaBB (Yet Another Bulletin Board) on the
remote host suffers from a remote cross-site scripting flaw due to its
failure to properly sanitize input passed via the 'username' parameter
and used as part of the 'usersrecentposts' action. By exploiting this
flaw, a remote attacker can cause arbitrary code to be executed in a
user's browser in the context of the affected website, resulting in
the theft of authentication data or other such attacks." );
script_set_attribute(attribute:"solution", value:
"Upgrade to YaBB version 2 RC2 or greater." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"plugin_publication_date", value: "2005/03/10");
script_set_attribute(attribute:"vuln_publication_date", value: "2005/03/13");
script_cvs_date("Date: 2018/09/10 11:37:04");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_summary(english:"Checks for usersrecentposts cross-site scripting vulnerability in YaBB");
script_category(ACT_ATTACK);
script_copyright(english:"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CGI abuses : XSS");
script_dependencie("http_version.nasl", "cross_site_scripting.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80, embedded: 0);
if (thorough_tests) dirs = list_uniq(make_list("/yabb", "/yabb2", "/forum", cgi_dirs()));
else dirs = make_list(cgi_dirs());
test_cgi_xss(port: port, cgi: "/YaBB.pl", dirs: dirs,
qs: "<IFRAME%20SRC%3Djavascript:alert('Nessus%2Dwas%2Dhere')><%252FIFRAME>",
pass_str: "<IFRAME SRC=javascript:alert('Nessus%2Dwas%2Dhere')" );
{"id": "YABB_USERSRECENTPOSTS_XSS.NASL", "bulletinFamily": "scanner", "title": "YaBB YaBB.pl usersrecentposts Action username Parameter XSS", "description": "The installed version of YaBB (Yet Another Bulletin Board) on the remote host suffers from a remote cross-site scripting flaw due to its failure to properly sanitize input passed via the 'username' parameter and used as part of the 'usersrecentposts' action. By exploiting this flaw, a remote attacker can cause arbitrary code to be executed in a user's browser in the context of the affected website, resulting in the theft of authentication data or other such attacks.", "published": "2005-03-10T00:00:00", "modified": "2018-09-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17305", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2005-0785", "CVE-2005-0741"], "type": "nessus", "lastseen": "2018-09-12T10:14:18", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-0785", "CVE-2005-0741"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The installed version of YaBB (Yet Another Bulletin Board) on the remote host suffers from a remote cross-site scripting flaw due to its failure to properly sanitize input passed via the 'username' parameter and used as part of the 'usersrecentposts' action. By exploiting this flaw, a remote attacker can cause arbitrary code to be executed in a user's browser in the context of the affected website, resulting in the theft of authentication data or other such attacks.", "edition": 2, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "2fb1d8f74da804c77eaf8c9bdcffed2a28bede282fca587a10f1a6a83cf51cfc", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "baf5b025127dc26570193114dc9afa6a", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "1be916e7eda279a42c12b84ea56d36c2", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "71bc5ce2c6c2082eec188cd6e47cddff", "key": "modified"}, {"hash": "0c9fa6aa853cc4da5eb0c66ae0ee2b6d", "key": "description"}, {"hash": "1470bf9e741f2af528f6f76566eb5f25", "key": "title"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "b0402bac01b38dbccb6faa19f866fe1e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "87dbbcde02455fc1add054b412a87714", "key": "pluginID"}, {"hash": "9d957e5f5242ddce2aacfd682a9ff126", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17305", "id": "YABB_USERSRECENTPOSTS_XSS.NASL", "lastseen": "2018-08-23T18:08:18", "modified": "2018-08-22T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.3", "pluginID": "17305", "published": "2005-03-10T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(17305);\n script_version(\"1.18\");\n\n script_cve_id(\"CVE-2005-0741\", \"CVE-2005-0785\");\n script_bugtraq_id(12756);\n\n script_name(english:\"YaBB YaBB.pl usersrecentposts Action username Parameter XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI application that is prone to \ncross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of YaBB (Yet Another Bulletin Board) on the\nremote host suffers from a remote cross-site scripting flaw due to its\nfailure to properly sanitize input passed via the 'username' parameter\nand used as part of the 'usersrecentposts' action. By exploiting this\nflaw, a remote attacker can cause arbitrary code to be executed in a\nuser's browser in the context of the affected website, resulting in\nthe theft of authentication data or other such attacks.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to YaBB version 2 RC2 or greater.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/03/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/13\");\n script_cvs_date(\"Date: 2018/08/22 16:49:13\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_summary(english:\"Checks for usersrecentposts cross-site scripting vulnerability in YaBB\");\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, embedded: 0);\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/yabb\", \"/yabb2\", \"/forum\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\ntest_cgi_xss(port: port, cgi: \"/YaBB.pl\", dirs: dirs, \n qs: \"<IFRAME%20SRC%3Djavascript:alert('Nessus%2Dwas%2Dhere')><%252FIFRAME>\",\n pass_str: \"<IFRAME SRC=javascript:alert('Nessus%2Dwas%2Dhere')\" );\n\n", "title": "YaBB YaBB.pl usersrecentposts Action username Parameter XSS", "type": "nessus", "viewCount": 128}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-23T18:08:18"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-0785", "CVE-2005-0741"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The installed version of YaBB (Yet Another Bulletin Board) on the remote host suffers from a remote cross-site scripting flaw due to its failure to properly sanitize input passed via the 'username' parameter and used as part of the 'usersrecentposts' action. By exploiting this flaw, a remote attacker can cause arbitrary code to be executed in a user's browser in the context of the affected website, resulting in the theft of authentication data or other such attacks.", "edition": 4, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "2fb1d8f74da804c77eaf8c9bdcffed2a28bede282fca587a10f1a6a83cf51cfc", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "baf5b025127dc26570193114dc9afa6a", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "1be916e7eda279a42c12b84ea56d36c2", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "71bc5ce2c6c2082eec188cd6e47cddff", "key": "modified"}, {"hash": "0c9fa6aa853cc4da5eb0c66ae0ee2b6d", "key": "description"}, {"hash": "1470bf9e741f2af528f6f76566eb5f25", "key": "title"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "b0402bac01b38dbccb6faa19f866fe1e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "87dbbcde02455fc1add054b412a87714", "key": "pluginID"}, {"hash": "9d957e5f5242ddce2aacfd682a9ff126", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17305", "id": "YABB_USERSRECENTPOSTS_XSS.NASL", "lastseen": "2018-09-02T00:09:19", "modified": "2018-08-22T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.3", "pluginID": "17305", "published": "2005-03-10T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(17305);\n script_version(\"1.18\");\n\n script_cve_id(\"CVE-2005-0741\", \"CVE-2005-0785\");\n script_bugtraq_id(12756);\n\n script_name(english:\"YaBB YaBB.pl usersrecentposts Action username Parameter XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI application that is prone to \ncross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of YaBB (Yet Another Bulletin Board) on the\nremote host suffers from a remote cross-site scripting flaw due to its\nfailure to properly sanitize input passed via the 'username' parameter\nand used as part of the 'usersrecentposts' action. By exploiting this\nflaw, a remote attacker can cause arbitrary code to be executed in a\nuser's browser in the context of the affected website, resulting in\nthe theft of authentication data or other such attacks.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to YaBB version 2 RC2 or greater.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/03/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/13\");\n script_cvs_date(\"Date: 2018/08/22 16:49:13\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_summary(english:\"Checks for usersrecentposts cross-site scripting vulnerability in YaBB\");\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, embedded: 0);\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/yabb\", \"/yabb2\", \"/forum\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\ntest_cgi_xss(port: port, cgi: \"/YaBB.pl\", dirs: dirs, \n qs: \"<IFRAME%20SRC%3Djavascript:alert('Nessus%2Dwas%2Dhere')><%252FIFRAME>\",\n pass_str: \"<IFRAME SRC=javascript:alert('Nessus%2Dwas%2Dhere')\" );\n\n", "title": "YaBB YaBB.pl usersrecentposts Action username Parameter XSS", "type": "nessus", "viewCount": 128}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-02T00:09:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-0785", "CVE-2005-0741"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The installed version of YaBB (Yet Another Bulletin Board) on the remote host suffers from a remote cross-site scripting flaw due to its failure to properly sanitize input passed via the 'username' parameter and used as part of the 'usersrecentposts' action. By exploiting this flaw, a remote attacker can cause arbitrary code to be executed in a user's browser in the context of the affected website, resulting in the theft of authentication data or other such attacks.", "edition": 1, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "4f8158f7bb487637f282569916aa77c437241a7b44dc88373748e1bd3cc9309d", "hashmap": [{"hash": "577ef4cb2f774b0dfc1f5ba70ac1557f", "key": "modified"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "baf5b025127dc26570193114dc9afa6a", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0c9fa6aa853cc4da5eb0c66ae0ee2b6d", "key": "description"}, {"hash": "1470bf9e741f2af528f6f76566eb5f25", "key": "title"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "b0402bac01b38dbccb6faa19f866fe1e", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "87dbbcde02455fc1add054b412a87714", "key": "pluginID"}, {"hash": "9d957e5f5242ddce2aacfd682a9ff126", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "0d5b4767ec008e10aa6bf2ca8a78492c", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17305", "id": "YABB_USERSRECENTPOSTS_XSS.NASL", "lastseen": "2016-09-26T17:26:37", "modified": "2015-01-16T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.2", "pluginID": "17305", "published": "2005-03-10T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(17305);\n script_version(\"$Revision: 1.17 $\");\n\n script_cve_id(\"CVE-2005-0741\", \"CVE-2005-0785\");\n script_bugtraq_id(12756);\n script_xref(name:\"OSVDB\", value:\"14827\");\n\n script_name(english:\"YaBB YaBB.pl usersrecentposts Action username Parameter XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI application that is prone to \ncross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of YaBB (Yet Another Bulletin Board) on the\nremote host suffers from a remote cross-site scripting flaw due to its\nfailure to properly sanitize input passed via the 'username' parameter\nand used as part of the 'usersrecentposts' action. By exploiting this\nflaw, a remote attacker can cause arbitrary code to be executed in a\nuser's browser in the context of the affected website, resulting in\nthe theft of authentication data or other such attacks.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to YaBB version 2 RC2 or greater.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/03/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/13\");\n script_cvs_date(\"$Date: 2015/01/16 03:36:09 $\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_summary(english:\"Checks for usersrecentposts cross-site scripting vulnerability in YaBB\");\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, embedded: 0);\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/yabb\", \"/yabb2\", \"/forum\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\ntest_cgi_xss(port: port, cgi: \"/YaBB.pl\", dirs: dirs, \n qs: \"<IFRAME%20SRC%3Djavascript:alert('Nessus%2Dwas%2Dhere')><%252FIFRAME>\",\n pass_str: \"<IFRAME SRC=javascript:alert('Nessus%2Dwas%2Dhere')\" );\n\n", "title": "YaBB YaBB.pl usersrecentposts Action username Parameter XSS", "type": "nessus", "viewCount": 128}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-0785", "CVE-2005-0741"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The installed version of YaBB (Yet Another Bulletin Board) on the remote host suffers from a remote cross-site scripting flaw due to its failure to properly sanitize input passed via the 'username' parameter and used as part of the 'usersrecentposts' action. By exploiting this flaw, a remote attacker can cause arbitrary code to be executed in a user's browser in the context of the affected website, resulting in the theft of authentication data or other such attacks.", "edition": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "a840421d1a2c77acbb3b0116c8dfe6d284723a1f7b23456d813a7ab1b35b6fab", "hashmap": [{"hash": "baf5b025127dc26570193114dc9afa6a", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "1be916e7eda279a42c12b84ea56d36c2", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "71bc5ce2c6c2082eec188cd6e47cddff", "key": "modified"}, {"hash": "0c9fa6aa853cc4da5eb0c66ae0ee2b6d", "key": "description"}, {"hash": "1470bf9e741f2af528f6f76566eb5f25", "key": "title"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "b0402bac01b38dbccb6faa19f866fe1e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "87dbbcde02455fc1add054b412a87714", "key": "pluginID"}, {"hash": "9d957e5f5242ddce2aacfd682a9ff126", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=17305", "id": "YABB_USERSRECENTPOSTS_XSS.NASL", "lastseen": "2018-08-30T19:57:34", "modified": "2018-08-22T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.3", "pluginID": "17305", "published": "2005-03-10T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(17305);\n script_version(\"1.18\");\n\n script_cve_id(\"CVE-2005-0741\", \"CVE-2005-0785\");\n script_bugtraq_id(12756);\n\n script_name(english:\"YaBB YaBB.pl usersrecentposts Action username Parameter XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI application that is prone to \ncross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of YaBB (Yet Another Bulletin Board) on the\nremote host suffers from a remote cross-site scripting flaw due to its\nfailure to properly sanitize input passed via the 'username' parameter\nand used as part of the 'usersrecentposts' action. By exploiting this\nflaw, a remote attacker can cause arbitrary code to be executed in a\nuser's browser in the context of the affected website, resulting in\nthe theft of authentication data or other such attacks.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to YaBB version 2 RC2 or greater.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/03/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/13\");\n script_cvs_date(\"Date: 2018/08/22 16:49:13\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_summary(english:\"Checks for usersrecentposts cross-site scripting vulnerability in YaBB\");\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, embedded: 0);\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/yabb\", \"/yabb2\", \"/forum\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\ntest_cgi_xss(port: port, cgi: \"/YaBB.pl\", dirs: dirs, \n qs: \"<IFRAME%20SRC%3Djavascript:alert('Nessus%2Dwas%2Dhere')><%252FIFRAME>\",\n pass_str: \"<IFRAME SRC=javascript:alert('Nessus%2Dwas%2Dhere')\" );\n\n", "title": "YaBB YaBB.pl usersrecentposts Action username Parameter XSS", "type": "nessus", "viewCount": 128}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:57:34"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "b0402bac01b38dbccb6faa19f866fe1e"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "0c9fa6aa853cc4da5eb0c66ae0ee2b6d"}, {"key": "href", "hash": "9d957e5f5242ddce2aacfd682a9ff126"}, {"key": "modified", "hash": "7f86b488cde79959076c92cafc9748f6"}, {"key": "naslFamily", "hash": "61e021375865ee20d8f9e2562510b86f"}, {"key": "pluginID", "hash": "87dbbcde02455fc1add054b412a87714"}, {"key": "published", "hash": "baf5b025127dc26570193114dc9afa6a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "42e60e8cbcbc630dcefa5250ad11e994"}, {"key": "title", "hash": "1470bf9e741f2af528f6f76566eb5f25"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "163424a16643c05fc85cd7dfd199deb37dc88b408ee429a0a5dc72b02215e4fa", "viewCount": 129, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(17305);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2005-0741\", \"CVE-2005-0785\");\n script_bugtraq_id(12756);\n\n script_name(english:\"YaBB YaBB.pl usersrecentposts Action username Parameter XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI application that is prone to \ncross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of YaBB (Yet Another Bulletin Board) on the\nremote host suffers from a remote cross-site scripting flaw due to its\nfailure to properly sanitize input passed via the 'username' parameter\nand used as part of the 'usersrecentposts' action. By exploiting this\nflaw, a remote attacker can cause arbitrary code to be executed in a\nuser's browser in the context of the affected website, resulting in\nthe theft of authentication data or other such attacks.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to YaBB version 2 RC2 or greater.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/03/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/13\");\n script_cvs_date(\"Date: 2018/09/10 11:37:04\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_summary(english:\"Checks for usersrecentposts cross-site scripting vulnerability in YaBB\");\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, embedded: 0);\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/yabb\", \"/yabb2\", \"/forum\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\ntest_cgi_xss(port: port, cgi: \"/YaBB.pl\", dirs: dirs, \n qs: \"<IFRAME%20SRC%3Djavascript:alert('Nessus%2Dwas%2Dhere')><%252FIFRAME>\",\n pass_str: \"<IFRAME SRC=javascript:alert('Nessus%2Dwas%2Dhere')\" );\n\n", "naslFamily": "CGI abuses : XSS", "pluginID": "17305", "cpe": []}
{"cve": [{"lastseen": "2017-07-11T11:14:49", "references": ["http://securitytracker.com/id?1013420", "http://marc.info/?l=bugtraq&m=111083400601759&w=2", "http://www.securityfocus.com/bid/12756", "https://exchange.xforce.ibmcloud.com/vulnerabilities/19671"], "description": "Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.", "edition": 3, "reporter": "NVD", "published": "2005-05-02T00:00:00", "title": "CVE-2005-0785", "type": "cve", "enchantments": {"score": {"modified": "2017-07-11T11:14:49", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-0785"], "scanner": [], "modified": "2017-07-10T21:32:24", "cpe": ["cpe:/a:yabb:yabb:2.0_rc1"], "id": "CVE-2005-0785", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0785", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T05:12:38", "references": ["http://securitytracker.com/id?1013420", "http://www.securityfocus.com/bid/12756"], "description": "Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.", "edition": 1, "reporter": "NVD", "published": "2005-03-08T00:00:00", "title": "CVE-2005-0741", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T05:12:38", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-0741"], "scanner": [], "cpe": ["cpe:/a:yabb:yabb:2.0_rc1"], "modified": "2008-09-05T16:47:10", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0741", "id": "CVE-2005-0741", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:10", "references": [], "edition": 1, "description": "## Manual Testing Notes\nhttp://[target]/YaBB.pl?action=usersrecentposts;username=<IFR \nAME%20SRC%3Djavascript:alert('XSS-Vulnerability')><%252FIFRAME>\n## References:\nVendor URL: http://www.yabbforum.com/\nSecurity Tracker: 1013420\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0235.html\n[CVE-2005-0741](https://vulners.com/cve/CVE-2005-0741)\nBugtraq ID: 12756\n", "reporter": "OSVDB", "published": "2005-03-13T03:24:03", "type": "osvdb", "title": "YaBB2 YaBB.pl usersrecentposts XSS", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-0741"], "modified": "2005-03-13T03:24:03", "href": "https://vulners.com/osvdb/OSVDB:14827", "id": "OSVDB:14827", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T00:51:34", "osvdbidlist": ["14827"], "references": [], "edition": 1, "description": "YaBB 2.0 Remote UsersRecentPosts Cross-Site Scripting Vulnerability. CVE-2005-0741. Webapps exploit for php platform", "reporter": "trueend5", "published": "2005-03-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "exploitdb", "title": "YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-0741"], "modified": "2005-03-08T00:00:00", "id": "EDB-ID:25199", "href": "https://www.exploit-db.com/exploits/25199/", "sourceData": "source: http://www.securityfocus.com/bid/12756/info\r\n\r\nA remote cross-site scripting vulnerability affects YaBB. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.\r\n\r\nAn attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. \r\n\r\nhttp://www.example.com/YaBB.pl?action=usersrecentposts;username=<IFRAME%20SRC%3Djavascript:alert('PersianHacker.NET-XSS')><%252FIFRAME>\r\nhttp://wordforlife.com/cgi-bin/yabb2/YaBB.pl?action=usersrecentposts;username=<IFRAME%20SRC%3Djavascript:alert('PersianHacker.NET-XSS')><%252FIFRAME>\r\nhttp://yabbtest.spikecity.net/cgi-bin/SP2/YaBB.pl?action=usersrecentposts;username=<IFRAME%20SRC%3Djavascript:alert('PersianHacker.NET-XSS')><%252FIFRAME> \r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/25199/"}]}
