Do ProBoards use YaBB, or did they just mod the YaBB code to be their own? Either way having a look at this http://www.securityfocus.com/bid/5078/exploit/ Kinda leads me to believe that more vulns exist in ProBoards that have been addressed in YaBB? (as the invalid topic xss in YaBB is kinda old) While we are on the topic of YaBB though, here are a few vulns in YaBB that I never really made public until now. I don't think anyone else has reported them yet anyway. http://host/YaBB.pl?board=;action=imsend;to=%22%3E%3Cscript%3Ealert(document .cookie)%3C/script%3E This is XSS in all versions I believe, and am sure at least up to YaBB 1 Gold - SP 1.3.1 Another issue with YaBB is it is full of CSRF holes which leads to forced command execution. This allows an attacker to do things like delete peoples inbox's, delete posts, pin topics, lock topics, and much much more. I think out of all the CSRF holes in YaBB the worst is probably this. http://host/YaBB.pl?board=;action=modifycat;id=CATEGORYNAMEHERE;moda=Remove2 Put that in an image tag and you can kill a board as soon as an admin views your post or PM's as this will delete entire categories and everything in it. But yeah man, if ProBoards are using the YaBB codebase they should definitely implement some strict session auth or something as it is one of the most insecure message board apps I can think of. James -----Original Message----- From: admin@xxxxxxxxxxxxx [mailto:admin@xxxxxxxxxxxxx] Sent: Wednesday, September 15, 2004 6:13 PM To: bugtraq@xxxxxxxxxxxxxxxxx Subject: www.proboards.com / YaBB XSS Vuln A Cross Site scripting vulnerability exists currently for all boards of the ever popular www.proboards.com which has code based off of the popular YaBB Forums. This can result in an attacker stealing users Cookie Information and possible defacing/hijacking of the message board and its users accounts on the message board.
