kapda-13.txt

Published: 20 Nov 2005 00:00:00
Reported by: trueend5
Type: packetstorm
Source: packetstormsecurity.com

KAPDA-13 - XMB HTML Injection & Path Disclosure

Code

```text
[KAPDA::#13] - XMB (extreme message board) HTML Injection & Path Disclosure.

KAPDA New advisory
Vendor: http://www.xmbforum.com
Bug: HTML Injection & Path Disclosure
Exploitation: Remote with browser

Description:
--------------------
XMB is a free message board powered by PHP and MySQL.

Vulnerability:
--------------------
HTML Injection: The software does not properly filter HTML tags in
member.php ["Your Current Mood" field] at the time of registration
(/member.php?action=reg), which may allow a remote user to inject
HTML/JavaScript code. The hostile code is stored and rendered in the
web browser of every victim user who visits the board (persistent).
For example: >> Your Current Mood:
<script>alert(document.cookie)</script>
Vulnerable Versions: XMB 1.9.3 Nexus (Final), XMB 1.9.2 Nexus, and
also all versions

Path Disclosure: A remote user can supply a specially crafted URL to
cause the system to display an error message that discloses the
installation path and other data.
Demonstration URL:
http://localhost/XMB/Files/post.php?action=newthread&fid=PATH
Vulnerable Version: XMB 1.9.2 Nexus

Solution:
--------------------
There is no vendor-supplied patch for this issue at this time.
Note: the security patch released by the vendor addresses a different
vulnerability.

Original advisory:
--------------------
http://irannetjob.com/content/view/163/28/

Credit:
--------------------
Discovered & released by trueend5 (trueend5 kapda ir)
Security Science Researchers Institute Of Iran
[http://www.KAPDA.ir]
```
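The two weaknesses the advisory describes, shown as a hypothetical PHP profile renderer and post handler with the unsafe pattern beside its hardened form. This is an added example, not XMB's own code; the function names and the regular expression limits are assumptions.

```php
<?php
// Added example (not XMB's code): a hypothetical handler for the stored
// "Your Current Mood" profile value and for a post.php-style ?fid= parameter.

// --- Unsafe pattern the advisory describes (persistent HTML injection) ---
function render_mood_unsafe(string $mood): string {
    // The stored value is echoed verbatim, so a mood of
    // "<script>alert(document.cookie)</script>" runs in every visitor's browser.
    return "<td>Mood: " . $mood . "</td>";
}

// --- Hardened form: encode on output, constrain on input ---
function render_mood_safe(string $mood): string {
    // ENT_QUOTES turns <, >, &, " and ' into entities, so the browser shows
    // the text instead of interpreting it as markup.
    return "<td>Mood: " . htmlspecialchars($mood, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</td>";
}

function validate_mood(string $mood): string {
    // Length and character limits at registration time (assumed values) reduce
    // what can be stored at all; output encoding above remains the real defence.
    $mood = trim($mood);
    if (strlen($mood) > 50 || !preg_match('/^[\p{L}\p{N} .,!?\'-]*$/u', $mood)) {
        throw new InvalidArgumentException('Invalid mood value');
    }
    return $mood;
}

// --- Path disclosure: never let a malformed parameter reach an error message ---
function forum_id_from_request(array $get): int {
    // post.php?fid=PATH: a non-numeric fid is rejected before any query or
    // include runs, instead of surfacing a PHP warning that prints the install path.
    $fid = filter_var($get['fid'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($fid === false) {
        http_response_code(400);
        exit('Invalid forum id');
    }
    return $fid;
}

// Runtime configuration belongs with the fix: log errors, never display them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed demonstration input: the advisory's own example payload.
$payload = '<script>alert(document.cookie)</script>';
echo render_mood_safe($payload), "\n";   // emits entities, not an executing script
```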
