BBcode XSS Vulnerability in NavBoard
Summary
- Vulnerability: BBcode XSS Vulnerability in NavBoard
- Discovered: 2006.01.07
- Last Update: 0 n/a
- ID: EV0019
- CVE: CVE-2006-0140
- Risk Level: medium
- Type: Cross Site Scripting
- Status: Unpatched
- Vendor: NavBoard (http://navarone.f2o.org/)
- Vulnerable Software: NavBoard (http://sourceforge.net/projects/navboard/)
- Version: checked: V16 Stable(2.6.0) and V17beta2
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the NavBoard (http://sourceforge.net/projects/navboard/) script.
Arbitrary script code can be inserted through BBcode.
Vulnerable Script: post.php
BBcode isn't properly sanitized. This can be used to post arbitrary script code which will be executed in the browser of every visitor.
The administrator's cookie-based authentication is at risk: the login and plain-text password are stored in cookies.
The administrator can modify PHP code from the administrator's panel.
PoC/Exploit
BBcode Examples:
For V16(2.6.0)
[b]<XSS>[/b][textlarge]<XSS>[/textlarge]
For V16(2.6.0) and V17beta2
[url=javascript:alert(XSS)]title[/url]
Solution
No vendor-provided patch available.
Solution: disable BBcode
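
The two BBcode cases in the PoC section correspond to two missing checks: HTML is not escaped before tags are expanded, and the `[url=]` target is not restricted by scheme. The following is an added example, not NavBoard's code or a vendor patch; `render_bbcode()` and `safe_url()` are hypothetical names, and the output markup chosen for each tag is an assumption.

```php
<?php
// Added illustration. render_bbcode() and safe_url() are hypothetical names,
// not functions from NavBoard.

// Return the URL only if it is an absolute http/https URL, otherwise null.
function safe_url(string $escaped): ?string {
    // Undo the escaping applied in render_bbcode() before inspecting the value.
    $url = trim(htmlspecialchars_decode($escaped, ENT_QUOTES));
    // Control characters and whitespace have no place in a link target.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

function render_bbcode(string $input): string {
    // 1. Escape first, so HTML typed inside or around tags becomes inert text.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Expand a fixed set of simple tags into fixed markup.
    $html = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $html) ?? $html;
    $html = preg_replace('#\[textlarge\](.*?)\[/textlarge\]#is',
                         '<span class="large">$1</span>', $html) ?? $html;

    // 3. Emit [url=...] as a link only when the target passes the allowlist.
    $linked = preg_replace_callback(
        '#\[url=([^\]\s]+)\](.*?)\[/url\]#is',
        function (array $m): string {
            $url = safe_url($m[1]);
            if ($url === null) {
                return $m[2]; // keep the title as plain text, drop the link
            }
            $href = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $html
    );
    return $linked ?? $html;
}

// Inputs are the BBcode strings from the PoC section, plus one constructed benign link.
echo render_bbcode('[b]<XSS>[/b][textlarge]<XSS>[/textlarge]'), "\n";
echo render_bbcode('[url=javascript:alert(XSS)]title[/url]'), "\n";
echo render_bbcode('[url=https://example.org/?a=1&b=2]title[/url]'), "\n";
```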