BBcode XSS Vulnerability in NavBoard

Summary

Vulnerability
BBcode XSS Vulnerability in NavBoard
Discovered
2006.01.07
Last Update
0 n/a
ID
EV0019
CVE
CVE-2006-0140
Risk Level
medium
Type
Cross Site Scripting
Status
Unpatched
Vendor
NavBoard (http://navarone.f2o.org/)
Vulnerable Software
NavBoard (http://sourceforge.net/projects/navboard/)
Version
checked: V16 Stable(2.6.0) and V17beta2
PoC/Exploit
Available
Solution
Available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in NavBoard (http://sourceforge.net/projects/navboard/) script.

Arbitrary script code insertion is possible in BBcode.

Vulnerable Script: post.php

BBcode isn't properly sanitized. This can be used to post arbitrary script code which will be executed in the browser of every visitor.

Administrator's cookie-based authentication is threatened.

Login and plain text Password are stored in Cookies.

Administrator can modify PHP Code from Administrator's panel.

PoC/Exploit

BBcode Examples:

For V16(2.6.0)
[b]<XSS>[/b][textlarge]<XSS>[/textlarge]

For V16(2.6.0) and V17beta2
[url=javascript:alert(XSS)]title[/url]

Solution.

No vendor-provided patch availabve.

Solution: disable BBcode

Order Source Code Audit made by eVuln team

Prevent hacking by source code analysis of your website or web application made by our team.The order will be done by experts in web security.

Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>