
YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities

2004-09-21 00:00:00
This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.
www.tenable.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

87.1%

The ‘YaBB.pl’ CGI is installed. This version is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.

Another flaw in YaBB may allow an attacker to execute malicious administrative commands on the remote host by sending malformed IMG tags in posts to the remote YaBB forum and waiting for the forum administrator to view one of the posts.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin registration. The scanner loads the script once with
# `description` set to collect metadata, then exits before the check body.
if (description)
{
  script_id(14782);
  script_version("1.31");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2004-2402", "CVE-2004-2403");
  script_bugtraq_id(11214, 11215);

  script_name(english:"YaBB 1 GOLD SP 1.3.2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI application that suffers from
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The 'YaBB.pl' CGI is installed. This version is affected by a
cross-site scripting vulnerability. This issue is due to a failure of
the application to properly sanitize user-supplied input.

As a result of this vulnerability, it is possible for a remote
attacker to create a malicious link containing script code that will
be executed in the browser of an unsuspecting user when followed.

Another flaw in YaBB may allow an attacker to execute malicious
administrative commands on the remote host by sending malformed IMG
tags in posts to the remote YaBB forum and waiting for the forum
administrator to view one of the posts.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Sep/226");
  script_set_attribute(attribute:"solution", value:
"Unknown at this time.");
  # Plugin-assigned CVSS2 base vector (scores 3.5): network, medium
  # complexity, single authentication, partial integrity impact only.
  # NOTE(review): this is lower than the 10.0 vector shown in the page
  # header above; the plugin's own vector is the one the engine reports,
  # and it is consistent with the security_note() severity used in the
  # check body.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/21");

  # Marked potential: the check body looks for a reflected marker rather
  # than fingerprinting the YaBB version, so a hit is not conclusive.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:yabb:yabb");
  # Declares that the check body widens its directory list under
  # thorough_tests.
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.");

  # cross_site_scripting.nasl sets the generic_xss KB key consulted below;
  # ParanoidReport gates the whole check (see report_paranoia test).
  script_dependencies("cross_site_scripting.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("misc_func.inc");

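# Paranoid-only: the check fires on a reflected marker, not on a YaBB
# version fingerprint, so it carries more false-positive risk than a
# version check (hence "potential_vulnerability" in the registration).
if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80, embedded:TRUE);
# Embedded web servers are out of scope for CGI checks.
if (get_kb_item("Services/www/"+port+"/embedded")) exit(0);
# cross_site_scripting.nasl already flagged this server as reflecting
# arbitrary input; a hit here would add no information.
if (get_kb_item("www/" + port + "/generic_xss")) exit(0);

# Candidate directories. The common YaBB install paths are added only in
# thorough mode; otherwise only the discovered CGI directories are used.
if (thorough_tests) dirs = list_uniq(make_list("/yabb", "/forum", cgi_dirs()));
else dirs = make_list(cgi_dirs());

# Iterate over the computed list. The original looped over cgi_dirs()
# directly, which left `dirs` unused and made the thorough_tests paths
# dead code.
foreach dir (dirs)
{
  # Reflected-XSS probe: the marker is an inert, unique string; seeing it
  # returned verbatim in the body shows the 'to' parameter is echoed
  # without output encoding.
  url = string(dir, "/YaBB.pl?board=;action=imsend;to=%22%3E%3Cscript%3Efoo%3C/script%3E");
  req = http_get(item:url, port:port);
  r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);
  # No response at all means the server stopped answering; stop probing.
  if (isnull(r)) exit(0);

  if (egrep(pattern:"<script>foo</script>", string:r))
  {
    # Low severity, matching the plugin's CVSS2 vector.
    security_note(port);
    # Record the finding so other plugins can skip redundant XSS probes
    # against this port.
    set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
    exit(0);
  }
}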
Vendor: yabb
Product: yabb
CPE: cpe:/a:yabb:yabb

