[[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.

[Daniel Nyström <exce () netwinder nu>]

Telhack 026 Inc. Security Advisory - #2
_________________________________________

Name: IcrediBB 1.1 (iBB Beta 1.1)
Impact: Medium (Cross Site Scripting)
Date: April 19 / 2002
_________________________________________

Daniel Nyström <exce () netwinder nu>


_I N F O_
IcrediBB is a web BB. PHP powered, MySQL backend. Quick as well as
easy on the server's resources. Vendor has been notified of all issues
discussed.
vendor is at: http://www.icredibb.com , and the package used for
experimentation
was icredi1-1.tar.gz found at http://www.sourceforge.net -> icredibb .


_P R O B L E M_
A Cross Site Scripting has been found due to insufficient checking of user
input
in both thread title and body. Therefore a user may post a message
containing
hostile javascript for example.


_I M P A C T_
Medium, as stealing of cookies is possible and probably you can mess up alot
of
things in MSIE * with evil javascript.


_E X P L O I T I N G_
Post a message containing:
<script>alert('Cross Site Scripting possible');</script>
in either the subject line or the message body. When users view the
forum(subject vuln)
or the post(body vuln) the javascript will be executed.

_F I X E S_
This vulnerability exist because of improper checking of user input. Suggest
vendor filter
out bad HTML and release new vesion.


/Daniel Nyström a.k.a. excE @ Telhack 026 Inc.


http://excelsi0r.darktech.org
http://www.telhack.com