ID YABB_USERSRECENTPOSTS_XSS.NASL Type nessus Reporter Tenable Modified 2015-01-16T00:00:00
Description
The installed version of YaBB (Yet Another Bulletin Board) on the remote host is affected by a cross-site scripting flaw because it fails to properly sanitize input passed via the 'username' parameter of the 'usersrecentposts' action. By exploiting this flaw, a remote attacker can cause arbitrary script code to be executed in a user's browser in the context of the affected website, which can result in the theft of authentication data or other such attacks.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration pass: when the scanner loads the plugin with `description` set,
# only the metadata below is recorded and the script exits before any network
# traffic is sent.
if (description)
{
  # --- Identity and external references --------------------------------
  script_id(17305);
  script_version("$Revision: 1.17 $");

  # Both CVE ids are attached to this single check.
  script_cve_id("CVE-2005-0741", "CVE-2005-0785");
  script_bugtraq_id(12756);
  script_xref(name:"OSVDB", value:"14827");

  script_name(english:"YaBB YaBB.pl usersrecentposts Action username Parameter XSS");

  # --- Report text -------------------------------------------------------
  # The two multi-line values keep their continuation lines at column 0:
  # the line breaks (and anything before the text) are part of the string.
  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI application that is prone to
cross-site scripting attacks.");
  script_set_attribute(attribute:"description", value:
"The installed version of YaBB (Yet Another Bulletin Board) on the
remote host suffers from a remote cross-site scripting flaw due to its
failure to properly sanitize input passed via the 'username' parameter
and used as part of the 'usersrecentposts' action. By exploiting this
flaw, a remote attacker can cause arbitrary code to be executed in a
user's browser in the context of the affected website, resulting in
the theft of authentication data or other such attacks.");
  script_set_attribute(attribute:"solution", value:"Upgrade to YaBB version 2 RC2 or greater.");

  # --- Risk scoring ------------------------------------------------------
  # CVSS v2 base: network-reachable, medium access complexity, no
  # authentication, partial integrity impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  # CVSS v2 temporal: exploitability high, official fix available,
  # report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # CWE-79 (cross-site scripting) is the specific weakness; 20 and 74 are
  # the broader input-validation and injection classes.
  # NOTE(review): the remaining ids look like CWE category/view numbers,
  # presumably bulk-assigned - confirm before using them for triage.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  # --- Dates and plugin type ---------------------------------------------
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/10");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/13");
  script_cvs_date("$Date: 2015/01/16 03:36:09 $");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # --- Scheduling --------------------------------------------------------
  script_summary(english:"Checks for usersrecentposts cross-site scripting vulnerability in YaBB");
  # ACT_ATTACK: the check sends an active probe request to the target
  # rather than only inspecting a banner or version string.
  script_category(ACT_ATTACK);
  script_copyright(english:"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses : XSS");
  # Runs after these two plugins; presumably so the HTTP version and the
  # generic XSS result for the server are already known - TODO confirm.
  script_dependencie("http_version.nasl", "cross_site_scripting.nasl");
  script_require_ports("Services/www", 80);
  # Listed as an exclude key so the plugin is skipped when CGI scanning
  # has been disabled for the scan.
  script_exclude_keys("Settings/disable_cgi_scanning");
  exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
# Pick the web port to test; 80 is the fallback. `embedded: 0` presumably
# excludes embedded web servers - confirm against http.inc.
www_port = get_http_port(default:80, embedded: 0);

# Directories to probe: the known CGI directories, plus three common YaBB
# install paths when thorough tests are enabled.
if (!thorough_tests)
{
  search_dirs = make_list(cgi_dirs());
}
else
{
  search_dirs = list_uniq(make_list("/yabb", "/yabb2", "/forum", cgi_dirs()));
}

# The probe is a benign alert() marker. The check presumably reports the
# host as affected when `reflect_marker` appears in the response body
# (behaviour of test_cgi_xss lives in http.inc, not shown here).
#
# NOTE(review): the query string carries no `action` or `username` field,
# although the plugin title and description name the 'usersrecentposts'
# action and 'username' parameter. Confirm against the upstream plugin; if
# this is what ships, the request may not reach the affected code path and
# the check could miss vulnerable installs.
# NOTE(review): the expected marker has the space and '=' decoded but keeps
# '%2D' encoded - verify this matches what an affected server reflects.
probe_qs = "<IFRAME%20SRC%3Djavascript:alert('Nessus%2Dwas%2Dhere')><%252FIFRAME>";
reflect_marker = "<IFRAME SRC=javascript:alert('Nessus%2Dwas%2Dhere')";

test_cgi_xss(
  port: www_port,
  cgi: "/YaBB.pl",
  dirs: search_dirs,
  qs: probe_qs,
  pass_str: reflect_marker
);
{"id": "YABB_USERSRECENTPOSTS_XSS.NASL", "bulletinFamily": "scanner", "title": "YaBB YaBB.pl usersrecentposts Action username Parameter XSS", "description": "The installed version of YaBB (Yet Another Bulletin Board) on the remote host suffers from a remote cross-site scripting flaw due to its failure to properly sanitize input passed via the 'username' parameter and used as part of the 'usersrecentposts' action. By exploiting this flaw, a remote attacker can cause arbitrary code to be executed in a user's browser in the context of the affected website, resulting in the theft of authentication data or other such attacks.", "published": "2005-03-10T00:00:00", "modified": "2015-01-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17305", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2005-0785", "CVE-2005-0741"], "type": "nessus", "lastseen": "2016-09-26T17:26:37", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "b0402bac01b38dbccb6faa19f866fe1e"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "0c9fa6aa853cc4da5eb0c66ae0ee2b6d"}, {"key": "href", "hash": "9d957e5f5242ddce2aacfd682a9ff126"}, {"key": "modified", "hash": "577ef4cb2f774b0dfc1f5ba70ac1557f"}, {"key": "naslFamily", "hash": "61e021375865ee20d8f9e2562510b86f"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "pluginID", "hash": "87dbbcde02455fc1add054b412a87714"}, {"key": "published", "hash": "baf5b025127dc26570193114dc9afa6a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "0d5b4767ec008e10aa6bf2ca8a78492c"}, {"key": "title", "hash": "1470bf9e741f2af528f6f76566eb5f25"}, {"key": "type", "hash": 
"5e0bd03bec244039678f2b955a2595aa"}], "hash": "c5e14d54144061ca4456132ddcab0d84902f86ddcdb976fb58029ea02ddced79", "viewCount": 120, "objectVersion": "1.2", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(17305);\n script_version(\"$Revision: 1.17 $\");\n\n script_cve_id(\"CVE-2005-0741\", \"CVE-2005-0785\");\n script_bugtraq_id(12756);\n script_xref(name:\"OSVDB\", value:\"14827\");\n\n script_name(english:\"YaBB YaBB.pl usersrecentposts Action username Parameter XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a CGI application that is prone to \ncross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of YaBB (Yet Another Bulletin Board) on the\nremote host suffers from a remote cross-site scripting flaw due to its\nfailure to properly sanitize input passed via the 'username' parameter\nand used as part of the 'usersrecentposts' action. 
By exploiting this\nflaw, a remote attacker can cause arbitrary code to be executed in a\nuser's browser in the context of the affected website, resulting in\nthe theft of authentication data or other such attacks.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to YaBB version 2 RC2 or greater.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/03/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/13\");\n script_cvs_date(\"$Date: 2015/01/16 03:36:09 $\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_summary(english:\"Checks for usersrecentposts cross-site scripting vulnerability in YaBB\");\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses : XSS\");\n script_dependencie(\"http_version.nasl\", \"cross_site_scripting.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, embedded: 0);\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/yabb\", \"/yabb2\", \"/forum\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\ntest_cgi_xss(port: port, cgi: \"/YaBB.pl\", dirs: dirs, \n qs: \"<IFRAME%20SRC%3Djavascript:alert('Nessus%2Dwas%2Dhere')><%252FIFRAME>\",\n pass_str: \"<IFRAME 
SRC=javascript:alert('Nessus%2Dwas%2Dhere')\" );\n\n", "naslFamily": "CGI abuses : XSS", "pluginID": "17305", "enchantments": {"vulnersScore": 5.4}}
{"result": {"cve": [{"id": "CVE-2005-0785", "type": "cve", "title": "CVE-2005-0785", "description": "Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.", "published": "2005-05-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0785", "cvelist": ["CVE-2005-0785"], "lastseen": "2017-07-11T11:14:49"}, {"id": "CVE-2005-0741", "type": "cve", "title": "CVE-2005-0741", "description": "Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.", "published": "2005-03-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0741", "cvelist": ["CVE-2005-0741"], "lastseen": "2016-09-03T05:12:38"}], "osvdb": [{"id": "OSVDB:14827", "type": "osvdb", "title": "YaBB2 YaBB.pl usersrecentposts XSS", "description": "## Manual Testing Notes\nhttp://[target]/YaBB.pl?action=usersrecentposts;username=<IFR \nAME%20SRC%3Djavascript:alert('XSS-Vulnerability')><%252FIFRAME>\n## References:\nVendor URL: http://www.yabbforum.com/\nSecurity Tracker: 1013420\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0235.html\n[CVE-2005-0741](https://vulners.com/cve/CVE-2005-0741)\nBugtraq ID: 12756\n", "published": "2005-03-13T03:24:03", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:14827", "cvelist": ["CVE-2005-0741"], "lastseen": "2017-04-28T13:20:10"}], "exploitdb": [{"id": "EDB-ID:25199", "type": "exploitdb", "title": "YaBB 2.0 - Remote UsersRecentPosts Cross-Site Scripting Vulnerability", "description": "YaBB 2.0 
Remote UsersRecentPosts Cross-Site Scripting Vulnerability. CVE-2005-0741. Webapps exploit for php platform", "published": "2005-03-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/25199/", "cvelist": ["CVE-2005-0741"], "lastseen": "2016-02-03T00:51:34"}]}}