EV0132.txt

2006-08-17T00:00:00
ID PACKETSTORM:49003
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-08-17T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
MyBB 'Avatar URL' XSS Vulnerability  
http://evuln.com/vulns/132/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0132  
Vendor: MyBB Group  
Vendor's Web Site: http://www.mybboard.com/  
Software: MyBB  
Sowtware's Web Site: http://www.mybboard.com/  
Versions: 1.1.6 and earlier  
Critical Level: Moderate  
Type: Cross-Site Scripting  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
PoC/Exploit: Available  
Solution: Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Every user has an ability to edit his avatar URL. Avatar URL is not properly sanitized. This can be used to post arbitrary web script code using 'Tab' symbol.  
  
--------------PoC/Exploit----------------------  
  
Example of XSS:  
  
Avatar URL:  
javasc ript:alert(123)  
(using 'Tab' symbol to separate 'script' word)  
  
--------------Solution---------------------  
Solution is available at vendors web site:  
  
Upgrade you copy of MyBB to the 1.1.7 version.  
  
http://www.mybboard.com/  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
`