AOH :: HP Unsorted P :: BT-21755.HTM

PBBoard <=2.0.2 - XSS in Topic



PBBoard <=2.0.2 - XSS in Topic
PBBoard <=2.0.2 - XSS in Topic



[Sec-Area Advisory]pbboard <=2.0.2 - XSS in Topic
Details
======Product: PHP <= PBBoard
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.pbboard.com 

Credits
===========Discovered by: rUnViRuS
site: http://www.sec-area.com 

Affected Products:
----------------------------
test on PBBoard 2.0.2
maybe work under 2.0.2 

Original Advisory:
===========http://www.sec-area.com/?p=141 

More Details
===========1. Cross-site scripting 
-----------------------------------
enable malicious attackers to inject client-side script into web pages

Proof of concept:
Make a new topic in In the title Write some Javascript/HTML
Back to forums 
You will find the code works

Proof of concept code:
go to : http://www.pbboard.com/forums/index.php?page=new_topic&index=1&id=[Section id ] 
then 
In the title Write some Javascript/HTML
like :  
Back to forums 
You will find the code works

--------------------------------------------

[W]orld [D]efacers [T]eam
http://www.Sec-area.com 

--------------------------------------------

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.