[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

www.proboards.com / YaBB XSS Vuln

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: www.proboards.com / YaBB XSS Vuln
From: <admin@xxxxxxxxxxxxx>
Date: 15 Sep 2004 23:12:42 -0000


A Cross Site scripting vulnerability exists currently for all boards of the 
ever popular www.proboards.com which has code based off of the popular YaBB 
Forums.

This can result in an attacker stealing users Cookie Information and possible 
defacing/hijacking of the message board and its users accounts on the message 
board.

The following code can be used to execute this XSS vuln:

http://WEBSITE/index.cgi?board=[BOARDNAME]&action=display&num=[VALID TOPIC 
NUMBER]&">&lt;script&gt;alert(document.cookie);&lt;/script&gt;

Be Cautious of suspicous looking links.

##################################
# -LJ Lemke  leetflash@xxxxxxxxx #
##################################

Follow-Ups:
- RE: www.proboards.com / YaBB XSS Vuln
  - From: GulfTech Security

Prev by Date: RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
Next by Date: Re: cdrecord local root exploit
Previous by thread: TSLSA-2004-0047 - multi
Next by thread: RE: www.proboards.com / YaBB XSS Vuln
Index(es):
- Date
- Thread