Avatar URL XSS Vulnerability in MyBB

Summary

Vulnerability
Avatar URL XSS Vulnerability in MyBB
Discovered
2006.07.22
Last Update
2006.08.01 Exploitation code published
ID
EV0132
CVE
n/a
Risk Level
medium
Type
Cross Site Scripting
Status
Unpatched. No reply from developer(s)
Vendor
MyBB Group (http://www.mybboard.com/)
Vulnerable Software
MyBB (http://www.mybboard.com/)
Version
1.1.6 and earlier
PoC/Exploit
Available
Solution
Available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in MyBB (http://www.mybboard.com/) script.

Every user has an ability to edit his avatar URL. Avatar URL is not properly sanitized. This can be used to post arbitrary web script code using 'Tab' symbol.

PoC/Exploit

Example of XSS:

Avatar URL:

javasc ript:alert(123)

(using 'Tab' symbol to separate 'script' word)

Solution.

Solution is available at vendors web site:

Upgrade your copy of MyBB to the 1.1.7 version.

http://www.mybboard.com/