YaBB2 rc1 XSS

[alireza hassani <trueend5 () yahoo com>]

[PersianHacker.NET 200503-08] YaBB2 rc1 XSS
Vulnerability
Date: 2005 March
Bug Number: 08
bid:12756 

 
YaBB 
is a leading free forum software package that rivals
any professional message board out there. It provides
a real-time chat and support system for your visitors.
 
More info @:
http://www.yabbforum.com/
 
 
Discussion:
--------------------
XSS Vulnerability in 'usersrecentposts' that may allow
a remote user to launch cross-site
scripting attacks.
 
This issue could permit a remote attacker to create a
malicious URI link that includes
hostile HTML and script code. If this link were to be
followed, the hostile
code may be rendered in the web browser of the victim
user. This would occur in
the security context of the affected Web site and may
allow for theft of cookie-
based authentication credentials or other attacks.
 
This vulnerability is reported to exist in YaBB2 rc1,
other versions might
also be affected. 
 
Exploit:
--------------------
http://www.example.com/YaBB.pl?action=usersrecentposts;username=<IFRAME%20SRC%3Djavascript:alert('XSS-Vulnerability')><%252FIFRAME>
 
 
Solution:
--------------------
no solution at this time.
 
 
Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Alireza Hassani (trueend5 yahoo com)
http://www.PersianHacker.NET
 
 
Help
--------------------
Read our whitepaper about XSS Vulnerability (only in
FARSI language):
http://www.persianhacker.net/articles/article-2322.html
visit: http://www.PersianHacker.NET
or mail me @: trueend5 yahoo com
 
& 2 iranians all around the world: Happy 4shanbesoori and Happy New Year