Full Disclosure mailing list archives
Re: [Full-disclosure] “Cross-Site Scripting” vulnerability in MyBB 1.4.5
From: Micheal Cottingham <techie.micheal () gmail com>
Date: Sun, 3 May 2009 19:21:51 -0400
That's the problem with XSS, it isn't just one. I've seen XSS that in turn injects PHP code into an admin panel that in turn led to RCE. I've also seen XSS that led to session hijacking that in turn led to XSS which ultimately led to mass client exploitation. The bad guys have been using these multi-staged attacks for quite some time. http://www.coresecurity.com/content/understanding-multistaged-threats agrees with me.

XSS is particularly nasty because it runs in the client. It is no longer just cookie stealing, but mass client exploitation, RCE, SQL injection, CSRF, and so on. It is even used to pivot into the internal network, as is the case with MS09-002 (I think that's the one, someone please correct me if I'm wrong). Entire frameworks have been built around just XSS. For example BeEF and Jikto. This is why Jacques Copeau said that the XSS could lead to CSRF and then RCE.

On Sun, May 3, 2009 at 5:19 PM, Andrew Farmer <andfarm () gmail com> wrote:
> On 03 May 09, at 05:01, Jacques Copeau wrote:
> > Advisory : “Cross-Site Scripting” vulnerability in MyBB
> > <snip>
> > The XSS renders in all browsers and on various pages inside the myBB software. We consider it to be particularly grave, as it renders on the ACP user overview page; this can be easily exploited to construct a universal CSRF vulnerability that introduces malicious PHP code into the script.
>
> So, er, is this vulnerability XSS, CSRF, or RCE? Pick one and stick with it.
>
> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- “Cross-Site Scripting” vulnerability in MyBB 1.4.5 Jacques Copeau (May 03)
- Re: “Cross-Site Scripting” vulnerability in MyBB 1.4.5 Andrew Farmer (May 03)
- Re: [Full-disclosure] “Cross-Site Scripting” vulnerability in MyBB 1.4.5 Micheal Cottingham (May 03)
- Re: [Full-disclosure] “Cross-Site Scripting” vulnerability in MyBB 1.4.5 Jacques Copeau (May 04)
- Re: “Cross-Site Scripting” vulnerability in MyBB 1.4.5 Andrew Farmer (May 03)