lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1095368023_40193@mail.cableone.net>
Date: Thu, 16 Sep 2004 16:10:57 -0500
From: "GulfTech Security" <security@...ftech.org>
To: <bugtraq@...urityfocus.com>
Subject: RE: www.proboards.com / YaBB XSS Vuln


Do ProBoards use YaBB, or did they just mod the YaBB code to be their own?
Either way having a look at this

http://www.securityfocus.com/bid/5078/exploit/

Kinda leads me to believe that more vulns exist in ProBoards that have been
addressed in YaBB? (as the invalid topic xss in YaBB is kinda old)

While we are on the topic of YaBB though, here are a few vulns in YaBB that
I never really made public until now. I don't think anyone else has reported
them yet anyway.

http://host/YaBB.pl?board=;action=imsend;to=%22%3E%3Cscript%3Ealert(document
.cookie)%3C/script%3E

This is XSS in all versions I believe, and am sure at least up to YaBB 1
Gold - SP 1.3.1

Another issue with YaBB is it is full of CSRF holes which leads to forced
command execution. This allows an attacker to do things like delete peoples
inbox's, delete posts, pin topics, lock topics, and much much more. I think
out of all the CSRF holes in YaBB the worst is probably this.

http://host/YaBB.pl?board=;action=modifycat;id=CATEGORYNAMEHERE;moda=Remove2

Put that in an image tag and you can kill a board as soon as an admin views
your post or PM's as this will delete entire categories and everything in
it.

But yeah man, if ProBoards are using the YaBB codebase they should
definitely implement some strict session auth or something as it is one of
the most insecure message board apps I can think of.

James


-----Original Message-----
From: admin@...tflash.com [mailto:admin@...tflash.com] 
Sent: Wednesday, September 15, 2004 6:13 PM
To: bugtraq@...urityfocus.com
Subject: www.proboards.com / YaBB XSS Vuln



A Cross Site scripting vulnerability exists currently for all boards of the
ever popular www.proboards.com which has code based off of the popular YaBB
Forums.

This can result in an attacker stealing users Cookie Information and
possible defacing/hijacking of the message board and its users accounts on
the message board.




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ