Avatar URL XSS Vulnerability in MyBB
Summary
- Vulnerability
- Avatar URL XSS Vulnerability in MyBB
- Discovered
- 2006.07.22
- Last Update
- 2006.08.01 Exploitation code published
- ID
- EV0132
- CVE
- n/a
- Risk Level
- medium
- Type
- Cross Site Scripting
- Status
- Unpatched. No reply from developer(s)
- Vendor
- MyBB Group (http://www.mybboard.com/)
- Vulnerable Software
- MyBB (http://www.mybboard.com/)
- Version
- 1.1.6 and earlier
- PoC/Exploit
- Available
- Solution
- Available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Cross Site Scripting found in MyBB (http://www.mybboard.com/) script.
Every user has an ability to edit his avatar URL. Avatar URL is not properly sanitized. This can be used to post arbitrary web script code using 'Tab' symbol.
PoC/Exploit
Example of XSS:
Avatar URL:
javasc ript:alert(123)
(using 'Tab' symbol to separate 'script' word)
Solution.
Solution is available at vendors web site:
Upgrade your copy of MyBB to the 1.1.7 version.
http://www.mybboard.com/