Respect for Rgod...R.I.P my master!
AUTHOR :
Matrix86
Contact:
matrix86 [AT ] tuxmealux [ DOT] net
Found permanent XSS in:
/profile.php
/viewtopic.php
Vulnerability info:
Line: 673
Code: $msg = preg_replace("/\[img\]http://(.*?)\[\/img\]/si", "<img src=\"\\1\" border=\"0\">", $msg);
Description:
UPB does not strip quotes or JavaScript code from the signature. An attacker can insert malicious JS code (using BB code) to grab cookie data or perform other malicious actions.
Example:
Insert this into the signature:
[IMG]/upb/images/avatars/scooby.gif" OnLoad="alert(1)"[/img]
Fix:
To fix this, check the data at insert time and remove any JS code, or use htmlentities().
Good Work.
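Added example (not UPB's own code and not from the original advisory): one way to apply the htmlentities() fix to the [img] conversion, so that the signature from the Example section is rendered as inert text. The function name render_img_bbcode() and the allowed URL character set are assumptions made for illustration.

```php
<?php
// Hardened [img] BBCode conversion, shown as an added example.
// render_img_bbcode() is a hypothetical helper, not a UPB function.

function render_img_bbcode(string $msg): string
{
    // Encode the whole message first, so quotes and angle brackets typed by
    // the user can never close an attribute or open a new tag.
    $msg = htmlentities($msg, ENT_QUOTES, 'UTF-8');

    $out = preg_replace_callback(
        '#\[img\](.*?)\[/img\]#si',
        function (array $m): string {
            // Decode only to validate the value the user actually typed.
            $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');

            // Accept http(s) URLs or site-relative paths built from a
            // conservative character set (assumed policy). Anything else,
            // including quotes and spaces, is left as encoded text.
            if (!preg_match('#^(https?://|/)[A-Za-z0-9._~/%?&=+-]*$#', $url)) {
                return $m[0];
            }

            // Re-encode on output so "&" in query strings stays well-formed.
            return '<img src="' . htmlentities($url, ENT_QUOTES, 'UTF-8')
                 . '" border="0">';
        },
        $msg
    );

    // preg_replace_callback() returns null on a PCRE error; fall back to
    // the already-encoded message rather than emitting nothing.
    return $out ?? $msg;
}

// Signature from the advisory's example: fails validation, stays plain text.
echo render_img_bbcode('[IMG]/upb/images/avatars/scooby.gif" OnLoad="alert(1)"[/img]'), "\n";

// A well-formed image reference is still converted to an <img> tag.
echo render_img_bbcode('[img]/upb/images/avatars/scooby.gif[/img]'), "\n";
```

Encoding before the BBCode pass matters: if the replacement runs on raw input, any other tag or quote in the signature still reaches the page unescaped.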