#69 Cross Site Scripting Vulnerability in YaBB 2.5.2

CVS 2.x
open
Corey Chapman
9
2013-10-08
2013-10-08
nikhil
No

Hello,

I found a cross site scripting vulnerability in the YaBB 2.5.2 source. Here is the report:

Vulnerability Type:
Cross site scripting

Vulnerable software and version:
YaBB 2.5.2 (latest release)

Steps to reproduce:
1. Go to http://localhost/YaBB_2.5.2/public_html/yabbfiles/mediaplayer.swf
2. When you decompile the swf file, you will see that the file, image and link Flash parameters allow external URLs. That would result in a content spoofing vulnerability through the file and image parameters, and the link parameter allows a cross site scripting vulnerability.
3. For successful exploitation, an attacker would reproduce it as below:

http://localhost/mediaplayer.swf?file=http://content.bitsontherun.com/videos/bkaovAYt-364766.flv&autostart=false&image=http://appsec.ws/ExploitDB/cMon.jpg&linkfromdisplay=true&link=javascript:confirm(/xss/);//&linktarget=_blank&.swf

4. When a file loaded with the above parameters is accessed by the victim and the video is played, the content displayed to the victim is what the attacker wants to show him, and when the victim clicks anywhere on the video, the JavaScript gets executed and he/she will give away their cookies or be subject to any operation targeted by the attacker.
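
A defensive check for the parameters named in the report, as an added example that is not part of the original ticket or of YaBB's code: it audits a mediaplayer.swf URL and flags `file`, `image` or `link` values that use a non-HTTP(S) scheme or point off-site. `TRUSTED_ORIGIN`, `auditPlayerUrl` and the sample URL are assumptions constructed for illustration.

```javascript
// Added example (not YaBB code): audit the query string of a mediaplayer.swf
// URL before it is embedded or linked from a forum page.
const TRUSTED_ORIGIN = "https://forum.example"; // assumption: the forum's own origin
const MEDIA_PARAMS = ["file", "image"];          // content the player loads and displays
const LINK_PARAMS = ["link"];                    // navigated to when the viewer clicks

function resolve(value) {
  // The WHATWG URL parser strips tabs/newlines and lowercases the scheme, so
  // "JaVa\tScript:" is seen as "javascript:" here, the same way a browser sees it.
  try {
    return new URL(value, TRUSTED_ORIGIN + "/");
  } catch (e) {
    return null;
  }
}

function auditPlayerUrl(playerUrl) {
  const findings = [];
  // searchParams percent-decodes values, so "javascript%3A..." is caught too.
  const params = new URL(playerUrl, TRUSTED_ORIGIN + "/").searchParams;
  for (const name of [...MEDIA_PARAMS, ...LINK_PARAMS]) {
    for (const value of params.getAll(name)) {
      const target = resolve(value);
      if (target === null) {
        findings.push(`${name}: unparseable value`);
      } else if (!["http:", "https:"].includes(target.protocol)) {
        findings.push(`${name}: scheme ${target.protocol} not allowed`);
      } else if (target.origin !== TRUSTED_ORIGIN) {
        findings.push(`${name}: external origin ${target.origin}`);
      }
    }
  }
  return findings; // empty array means every audited parameter stays on-site
}

// Constructed sample input, shaped like the request in the report.
const SAMPLE =
  "http://localhost/mediaplayer.swf?file=http://media.example.net/clip.flv" +
  "&image=http://media.example.net/poster.jpg&linkfromdisplay=true" +
  "&link=javascript:void(0)&linktarget=_blank";

console.log(auditPlayerUrl(SAMPLE));
```

A request that produces any finding should be rejected or rewritten before the player is served with it; the same allowlist logic belongs inside the player wherever it reads these parameters.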

Discussion

  • nikhil
    2013-10-08

    Browser:
    Working perfectly on Firefox 25.0