Recent BBCode XSS vulnerabilities
Here is a short summary of recent BBCode XSS vulnerabilities discovered by the eVuln team. The full list with details is available on the eVuln Security Advisories page.
BBCode CSS XSS in slickMsg.
Description.
It is possible to inject XSS code (a CSS expression) into the CSS style generated for the size and color BBCodes.
The size and color values are not properly sanitized before being used in CSS code.
Note: works in MS IE
Exploit.
XSS example 1: [size=expression(alert(123))]size[/size]
XSS example 2: [color=expression(alert(456))]blue[/color]
Solution
Solution is not available.
url BBCode XSS in slickMsg.
Description.
It is possible to inject XSS code into the link (url) BBCode.
The "url" value is not properly sanitized before being used in HTML code.
Condition: the user must click on the link.
Exploit.
XSS example: [url=javascript:alert(123)]bbcode xss test[/url]
Solution
Solution is not available.
img BBCode XSS and Cookie SQL Injection in EKINboard.
Description.
Arbitrary JavaScript code insertion is possible in BBcode [img].
Vulnerable Script: config.php
The variables $_COOKIE['username'] and $_COOKIE['password'] are not properly sanitized. This can be used to bypass authentication or to run any SQL query by injecting arbitrary SQL code.
Exploit.
[img=javascript:alert(123)]
Cookie: username=' or 1/*
Cookie: password=[any]
Solution.
Vendor-provided patch is available here:
http://www.ekinboard.com/forums/v1/viewtopic.php?id=469
BBCode XSS Vulnerability in M. Blom HTML:BBCode.
Description.
Arbitrary script code insertion is possible in BBcode [url] and [img] tags.
Vulnerable script file: all scripts which use output to HTML
Exploit.
BBcode Cross-Site Scripting Examples:
[img]javascript:alert(123)[/img]
[url=javascript:alert(123)]Click me[/url]
Solution.
Problem fixed in 1.05 version.
http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz
BBCode XSS Vulnerabilities in My Blog.
Description.
Arbitrary script code insertion is possible in BBcode [url] and [img] tags.
Exploit.
BBcode Cross-Site Scripting Examples:
[img]javascript:alert(123)[/img]
[url=javascript:alert(123)]Click me[/url]
Solution.
Install the new version (1.65) or replace the BBCode.pm module with the new one from:
http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz
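Added example, not taken from the advisories or from any of the affected projects: a Python BBCode renderer that applies the checks whose absence the entries above describe. URL values must be absolute http(s), size and color values must match strict patterns, and everything else is HTML-escaped. The function names and the 8 to 36 px size range are assumptions, and nested tags are not handled.

```python
import html
import re
from urllib.parse import urlsplit

TAG_RE = re.compile(
    r"\[(url|size|color)=([^\]]*)\](.*?)\[/\1\]"   # [tag=value]body[/tag]
    r"|\[img\]([^\[\]]*)\[/img\]"                   # [img]value[/img]
    r"|\[img=([^\]]*)\]",                           # [img=value]
    re.I | re.S)
COLOR_RE = re.compile(r"#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6}|[a-zA-Z]{1,20}")
SIZE_RE = re.compile(r"[0-9]{1,2}")

def safe_url(value):
    """Return value only if it is an absolute http(s) URL, else None."""
    if re.search(r"[\x00-\x20\x7f]", value):   # browsers ignore these inside a scheme
        return None
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    return value if parts.scheme in ("http", "https") and parts.netloc else None

def render_tag(m):
    tag, arg, body, img_body, img_arg = m.groups()
    if tag is None:                             # one of the two [img] forms
        url = safe_url(img_body if img_body is not None else img_arg)
        if url:
            return f'<img src="{html.escape(url)}" alt="">'
    else:
        tag, inner = tag.lower(), html.escape(body)
        if tag == "url" and safe_url(arg):
            return f'<a href="{html.escape(arg)}" rel="nofollow noopener">{inner}</a>'
        if tag == "size" and SIZE_RE.fullmatch(arg) and 8 <= int(arg) <= 36:
            return f'<span style="font-size:{int(arg)}px">{inner}</span>'
        if tag == "color" and COLOR_RE.fullmatch(arg):
            return f'<span style="color:{arg}">{inner}</span>'
    return html.escape(m.group(0))              # rejected value: emit the tag as inert text

def render(text):
    """Render BBCode to HTML; everything outside a validated tag is escaped."""
    out, pos = [], 0
    for m in TAG_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        out.append(render_tag(m))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)
```

Values that fail validation are shown to the reader as literal BBCode text rather than being dropped, which makes rejected input visible in moderation and testing.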


