Secunia Security Advisory - syini666 has reported some vulnerabilities in MyBulletinBoard, which can be exploited by malicious people to cause a DoS (Denial of Service), manipulate certain information, and conduct script insertion attacks. 1) Input passed to the subject field when creating a new thread isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed in the main page. 2) Some input passed in the Reputation system isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed in the user configuration panel. 3) The problem is that users can delete or move other users' private messages (PM). Successful exploitation requires knowledge of the ID number. 4) An unspecified error can be exploited to cause a Denial of Service on a vulnerable server.
TITLE:
MyBulletinBoard Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17577
VERIFY ADVISORY:
http://secunia.com/advisories/17577/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Manipulation of data, DoS
WHERE:
From remote
SOFTWARE:
MyBulletinBoard (MyBB)
http://secunia.com/product/4479/
DESCRIPTION:
syini666 has reported some vulnerabilities in MyBulletinBoard, which
can be exploited by malicious people to cause a DoS (Denial of
Service), manipulate certain information, and conduct script
insertion attacks.
1) Input passed to the subject field when creating a new thread isn't
properly sanitised before being used. This can be exploited to inject
arbitrary HTML and script code, which will be executed in a user's
browser session in context of an affected site when the malicious
user data is viewed in the main page.
2) Some input passed in the Reputation system isn't properly
sanitised before being used. This can be exploited to inject
arbitrary HTML and script code, which will be executed in a user's
browser session in context of an affected site when the malicious
user data is viewed in the user configuration panel.
3) The problem is that users can delete or move other users' private
messages (PM).
Successful exploitation requires knowledge of the ID number.
4) An unspecified error can be exploited to cause a Denial of Service
on a vulnerable server.
SOLUTION:
2, 4) Update to MyBB PR2 (Revision 686 updated 2005-11-01).
http://www.mybboard.net/mybb_pr2_20051101.zip
1, 3) Edit the source code to ensure that input is properly sanitised
and verified.
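As an added illustration of the source edits that items 1 and 3 call for (not code from the advisory or from MyBB; the table, column and function names are hypothetical), the PHP below encodes the thread subject at output time and ties private-message deletion to the owner's user ID, so that knowing the message ID alone is not enough. The same owner condition would apply to the move operation.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical schema and function names, not MyBB's code.

// (1) Encode the thread subject when it is written into HTML, so markup
// stored in the subject is displayed as text instead of being interpreted.
function render_subject(string $subject): string
{
    return htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// (3) Scope the delete to the session user's own messages. The uid comes
// from the server-side session, never from the request.
function delete_pm(PDO $db, int $sessionUid, int $pmid): bool
{
    $stmt = $db->prepare(
        'DELETE FROM privatemessages WHERE pmid = :pmid AND uid = :uid'
    );
    $stmt->execute([':pmid' => $pmid, ':uid' => $sessionUid]);
    // Zero rows affected means the PM does not exist or belongs to someone else.
    return $stmt->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE privatemessages (pmid INTEGER PRIMARY KEY, uid INTEGER, subject TEXT)');
$db->exec("INSERT INTO privatemessages VALUES (1, 10, 'hello'), (2, 20, 'private')");

var_dump(delete_pm($db, 10, 2)); // user 10 requests a PM owned by user 20
var_dump(delete_pm($db, 10, 1)); // user 10 requests their own PM
echo render_subject('<i>test</i> "quoted"'), "\n";
```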
PROVIDED AND/OR DISCOVERED BY:
1-3) syini666
4) Reported by vendor.