[KAPDA::#13] - XMB (extreme message board) HTML Injection & Path Disclosure

KAPDA New advisory

Vendor: http://www.xmbforum.com
Bug: HTML Injection & Path Disclosure
Exploitation: Remote with browser

Description:
--------------------
XMB is a free message board powered by PHP and MySQL.

Vulnerability:
--------------------
HTML Injection:
The software does not properly filter HTML tags in the "Your Current Mood" field of member.php at registration time (/member.php?action=reg), which may allow a remote user to inject HTML/JavaScript code. The hostile code may be rendered in the web browser of a victim user who visits the board (persistent).

For example:
>> Your Current Mood:

Vulnerable Versions: XMB 1.9.3 Nexus (Final), XMB 1.9.2 Nexus & also all versions

Path Disclosure:
A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation path and other data.

Demonstration URL:
http://localhost/XMB/Files/post.php?action=newthread&fid=PATH

Vulnerable Version: XMB 1.9.2 Nexus

Solution:
--------------------
There is no vendor-supplied patch for this issue at this time.
Note: the security patch released by the vendor is for another vulnerability.

Original advisory:
--------------------
http://irannetjob.com/content/view/163/28/

Credit:
--------------------
Discovered & released by trueend5 (trueend5 kapda ir)
Security Science Researchers Institute Of Iran
[http://www.KAPDA.ir]
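
A defensive sketch covering both issues, added here as an example and not taken from XMB's source or from the advisory. The helper names `html_out` and `parse_fid` and the sample values are hypothetical, and it assumes the path-disclosing error comes from a non-numeric `fid` reaching code that expects an integer:

```php
<?php
declare(strict_types=1);

// Path disclosure: keep error text (file paths, line numbers) out of the
// HTTP response and send it to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Encode a stored profile value (such as the "mood" field) for output in
 * HTML text or a quoted attribute. Hypothetical helper, not an XMB function.
 */
function html_out(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return the forum id as a positive integer, or null when the parameter is
 * missing, non-numeric, an array, or out of range. Hypothetical helper.
 */
function parse_fid($raw): ?int
{
    // ctype_digit('') is false, so the empty string is rejected as well.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $fid = (int) $raw;
    return $fid > 0 ? $fid : null;
}

// Constructed sample: markup stored in the mood field is rendered as text.
$storedMood = '<b>bold</b> & "quoted"';
echo '<td class="mood">' . html_out($storedMood) . "</td>\n";

// Constructed sample: only a numeric fid is passed on; every other value
// gets the same generic response, with no details from the failing code.
foreach (['12', 'PATH', '', '-3', ['x']] as $candidate) {
    $fid = parse_fid($candidate);
    echo $fid === null
        ? "400 Bad Request: invalid forum id\n"
        : "fid={$fid} accepted\n";
}
```

Encoding at output time covers values that were stored before any input filter existed, which matters for a persistent injection like the one described above.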