XMB BBcode align Tag XSS

2004-02-24T06:05:37
ID OSVDB:4045
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-02-24T06:05:37

Description

Vulnerability Description

Extreme Messageboard aka XMB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate BBcode align tag in a message body. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

This vulnerability can be used any where that BBcode is allowed in XMB. For example, u2u, profile's signature and in forum threads

Solution Description

Upgrade to version 1.8 SP3 or 1.9 Nexus BETA or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Extreme Messageboard aka XMB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate BBcode align tag in a message body. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

text1 [align=center onmouseover=alert(document.cookie);] text2 [/align]

text1 [img=1x1]javascript:alert(document.cookie);//gif[/img] text2

Ending "//gif" is needed for successful exploit, because bbcode implementation will check for it.

References:

Vendor URL: http://www.xmbforum.com Vendor URL: http://www.aventure-media.co.uk Secunia Advisory ID:10963 Related OSVDB ID: 4043 Related OSVDB ID: 4044 Related OSVDB ID: 4047 Related OSVDB ID: 4048 Related OSVDB ID: 4046 Related OSVDB ID: 4049 Related OSVDB ID: 4041 Related OSVDB ID: 4042 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0595.html Keyword: BBcode Keyword: cross site scripting,XSS,XMB,XMB Group,XMB Forum,Extreme Messageboard,Aventure Media ISS X-Force ID: 15294 CVE-2004-0322 Bugtraq ID: 9726