Bugtraq mailing list archives
RE: www.proboards.com / YaBB XSS Vuln
From: "GulfTech Security" <security () gulftech org>
Date: Thu, 16 Sep 2004 16:10:57 -0500
Do ProBoards use YaBB, or did they just mod the YaBB code to be their own? Either way having a look at this http://www.securityfocus.com/bid/5078/exploit/ Kinda leads me to believe that more vulns exist in ProBoards that have been addressed in YaBB? (as the invalid topic xss in YaBB is kinda old) While we are on the topic of YaBB though, here are a few vulns in YaBB that I never really made public until now. I don't think anyone else has reported them yet anyway. http://host/YaBB.pl?board=;action=imsend;to=%22%3E%3Cscript%3Ealert(document .cookie)%3C/script%3E This is XSS in all versions I believe, and am sure at least up to YaBB 1 Gold - SP 1.3.1 Another issue with YaBB is it is full of CSRF holes which leads to forced command execution. This allows an attacker to do things like delete peoples inbox's, delete posts, pin topics, lock topics, and much much more. I think out of all the CSRF holes in YaBB the worst is probably this. http://host/YaBB.pl?board=;action=modifycat;id=CATEGORYNAMEHERE;moda=Remove2 Put that in an image tag and you can kill a board as soon as an admin views your post or PM's as this will delete entire categories and everything in it. But yeah man, if ProBoards are using the YaBB codebase they should definitely implement some strict session auth or something as it is one of the most insecure message board apps I can think of. James -----Original Message----- From: admin () leetflash com [mailto:admin () leetflash com] Sent: Wednesday, September 15, 2004 6:13 PM To: bugtraq () securityfocus com Subject: www.proboards.com / YaBB XSS Vuln A Cross Site scripting vulnerability exists currently for all boards of the ever popular www.proboards.com which has code based off of the popular YaBB Forums. This can result in an attacker stealing users Cookie Information and possible defacing/hijacking of the message board and its users accounts on the message board.
Current thread:
- www.proboards.com / YaBB XSS Vuln admin (Sep 16)
- RE: www.proboards.com / YaBB XSS Vuln GulfTech Security (Sep 17)
- <Possible follow-ups>
- Re: www.proboards.com / YaBB XSS Vuln Patrick Clinger (Sep 17)