——————-Summary—————-
Software: MyBB
Software’s Web Site: http://www.mybboard.com
Versions: 1.1.0
Class: Remote
Status: Unpatched
Exploit: Private
Solution: Not Available
Discovered by: imei addmimistrator
Risk Level: Medium
—————–Description—————
There is a security bug in MyBB 1.1.0 (the latest version, fully patched) that allows an attacker to perform a cross-site scripting (XSS) attack. The bug is in the parsing of the [IMG] and [EMAIL] codes, and it results from poor checking of quotation marks in the parameters of MyCodes.
Source of the buggy code:
functions_post.php{65}
"#\[email\](.*?)\[/email\]#ei",
functions_post.php{102}
$message = preg_replace("#\[img\]([a-z]+?://){1}(.+?)\[/img\]#i", "<img src=\"$1$2\" border=\"0\" alt=\"\" /> ", $message);
————–Exploit———————-
For an attacker it is quite clear how to exploit this bug, even with all the prevention and limitation systems in place, but we are not publishing any exploit...
The XSS prevention system blocks some XSS attack vectors, but not all of them.
A bug at each level should be fixed with a solution at that same level.
But, by the way, think about:
[img]http://a" XSS into Events[/img]
————–Solution———————
Suggestion to vendor: do not remove quotation marks from tags via preg_replace; escape them with htmlspecialchars instead.
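The vendor suggestion above, shown as an added example (not MyBB's code and not the advisory author's): the first function mirrors the functions_post.php{102} pattern from the Description, the second is a hypothetical replacement that validates the URL and escapes it with htmlspecialchars. The function names, the http/https allow-list and the assumption that the raw, unescaped message reaches the parser are mine.

```php
<?php
// Added illustration, not MyBB code.

// Mirrors the functions_post.php{102} pattern: the URL text is copied into
// src="..." unescaped, so a double quote inside the URL ends the attribute
// value early and the rest is parsed by the browser as further attributes.
function parse_img_vulnerable(string $message): string
{
    return preg_replace(
        '#\[img\]([a-z]+?://){1}(.+?)\[/img\]#i',
        '<img src="$1$2" border="0" alt="" />',
        $message
    );
}

// Hypothetical hardened form: validate first, then escape at the point of output.
function parse_img_hardened(string $message): string
{
    return preg_replace_callback(
        '#\[img\](.+?)\[/img\]#is',
        function (array $m): string {
            $url = trim($m[1]);
            // Assumed policy: http/https only, no whitespace, quotes or angle brackets.
            if (!preg_match('#^https?://[^\s"\'<>]+$#iD', $url)) {
                // Not a plain URL: show the tag as inert, escaped text.
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            // ENT_QUOTES encodes both " and ', so the value cannot leave src="...".
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
                 . '" border="0" alt="" />';
        },
        $message
    );
}

$samples = [
    '[img]http://example.com/a.png[/img]',   // constructed, well-formed
    '[img]http://a" XSS into Events[/img]',  // the string given in the advisory
];

foreach ($samples as $s) {
    echo "input:      ", $s, "\n";
    echo "vulnerable: ", parse_img_vulnerable($s), "\n";
    echo "hardened:   ", parse_img_hardened($s), "\n\n";
}
```

For the advisory's string, the vulnerable output carries extra tokens after the closed src value, while the hardened output contains no img element at all, only the escaped tag text.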
————–Credit———————–
Discovered by: imei addmimistrator
addmimistrator[4]gmail[O]com
www.myimei.com
security.myimei.com
hi
Left by kotomoto on March 16th, 2006
hello mr cool guy!
how’r u imei?
lol this’s the great blog (with Angelina Jolie header ha ha)
but about mybb! perfect but is better you first fuck them not until this
ho ho hoo!
babay imei
Left by ali on March 17th, 2006
[...] ORIGINAL ADVISORY: myimei.com/security/2006-03-12/ mybb-110functions_postphpxss-attack.html http://kapda.ir/advisory-305.html ———- ——————-Summary—————- Software: MyBB Sowtware’s Web Site: http://www.mybboard.com Versions: 1.1.0 Class: Remote Status: Unpatched Exploit: Private Solution: Not Available Discovered by: imei addmimistrator Risk Level: medume —————–Description————— There is a security bug in MyBB 1.1.0 software (latest version fully patched) that allows attacker performe a XSS cross site scripting attack. VISIT ORIGINALS TO MORE DETAILES;) [...]
Left by Tech Blog » Blog Archive » [KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack on April 10th, 2006
This is a link from the MyBB admin and software owner, who credited us:
http://community.mybboard.net/showthread.php?tid=7368
Thanks to him, and hope this is useful.
Left by imei on April 11th, 2006
http://community.mybboard.net/showthread.php?tid=8232
Again, credit and confirmation!
Left by imei on April 15th, 2006
http://www.securityfocus.com/bid/17564
http://secunia.com/advisories/19668/
I just don't know why my advisory, which was published before devil-00's, is listed on secunia.com as additional information!!! Even Chris Boulton knows that I posted the advisory and the password for it many days ago!
By the way, secfoc verified us!
Left by imei on April 18th, 2006
http://www.securityfocus.com/bid/17413/references
Left by imei on April 28th, 2006