Lucene search
+L

kapda-25.txt

🗓️ 27 Jan 2006 00:00:00Reported by Roozbeh AfrasiabiType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 35 Views

MyBB 1.x has a medium risk Cross Site Scripting vulnerability due to input validation failures.

Code
`[KAPDA::#25] - MyBB 1.x Cross_Site_Scripting  
  
KAPDA New advisory  
  
Vulnerable products : MYBB 1.x  
Vendor: www.mybboard.net/  
Risk: medium   
Vulnerabilities: Cross_Site_Scripting  
Discoverd by Roozbeh Afrasiabi  
www.persiax.com  
  
Date :  
--------------------  
Found : Jan 21 2006  
Vendor Contacted : N/A  
Release Date : N/A  
  
About :  
--------------------  
MyBB is a powerful, efficient and free forum package developed in PHP and MySQL.MyBB has been designed with the end users in mind, you and your subscribers. Full control over your discussion system is p resented right at the tip of your fingers, from multiple styles and themes to the ultimate customisation of your forums using the template system.  
  
  
  
Vulnerability:  
--------------------  
Cross_Site_Scripting (XSS,CSS):  
  
MYBB is affected by a cross-site scripting vulnerability. This issue is due to the failure of the application to properly sanitize user-supplied input.  
  
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.   
  
  
Detail and PoC :  
--------------------  
  
1)  
  
The application does not validate the "notepad" variable upon submission to the usercp.php script via the POST method.The personal pad would save this data which would later be displayed to the user(i.e on visiting the persoanal pad page).   
  
h**p://[target]/usercp.php?action=notepad  
notepad=</textarea><script>alert(document.cookie)</script>  
  
  
2)  
  
This flaw exists because the application does not validate the "signature" variable upon submission to the usercp.php script via the POST method.  
  
h**p://[target]/usercp.php?action=editsig  
signature=</textarea><script>alert(document.cookie)</script>  
  
  
  
Solution :  
--------------------  
N/A  
  
  
Original Advisory :  
--------------------  
http://kapda.ir/advisory-241.html  
  
  
Credit :  
--------------------  
Discoverd by Roozbeh Afrasiabi  
roozbeh_afrasiabi[at]yahoo.com  
black_death[at]kapda.ir  
www.persiax.com  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

27 Jan 2006 00:00Current
7.4High risk
Vulners AI Score7.4
35