——————–Summary—————-
Software: MyBB
Sowtware’s Web Site: http://www.mybboard.com
Versions: 1.1.3
Class: Remote
Status: Patched
Exploit: Available
Discovered by: imei addmimistrator
Risk Level:low-medium
—————–Description—————
Mybb has a security bug that allows hackers run unwanted scripts into client’s browser that well known as XSS cross site scripting attack.
bug is in result of poor cheknig for unicode inputs in url, that results to executing javascript direct call in some common beowser, as IE, FF and etc… this is cause of this fact that browsers pay attention to unicode data but mybb don’t.
————–See Also——————
{inc/functions_post.php}near 138
function fixjavascript($message)
{
$message = preg_replace(”#javascript:#i”, “java script:”, $message);
/* …….. */
{alos near 19}
$message = preg_replace(”#&(?!\#[0-9]+;)#si”, “&”, $message); // fix & but allow unicode
————–Exploit———————-
post this message:
[url]javascript:alert(’imei is Here’);//://ddd[/url]
————–Solution———————
Upgrade to vendor provided patch.
————–Credit———————–
Discovered by: imei addmimistrator
addmimistrator[4]gmail[O]com
www.myimei.com
security.myimei.com
http://www.securityfocus.com/bid/18702
Left by imei on June 29th, 2006