Vulnerabilities > CVE-2002-0316 - Unspecified vulnerability in XMB Software XMB Forum 1.6Prebeta

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
xmb-software
nessus
exploit available
NVD
Published: 2002-06-25
Updated: 2024-11-20

Summary

Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag.

Vulnerable Configurations

Part Description Count
Application
Xmb_Software
1

Exploit-Db

descriptionXMB Forum 1.6 pre-beta Image Tag Script Injection Vulnerability. CVE-2002-0316. Webapps exploit for php platform
idEDB-ID:21300
last seen2016-02-02
modified2002-02-22
published2002-02-22
reporterskizzik
sourcehttps://www.exploit-db.com/download/21300/
titleXMB Forum 1.6 pre-beta Image Tag Script Injection Vulnerability

Nessus

NASL familyCGI abuses : XSS
NASL idXMB_XSS.NASL
descriptionThe remote host is running XMB Forum, a web forum written in PHP. The version of XMB installed on the remote host is affected by several cross-site scripting issues.
last seen2020-06-01
modified2020-06-02
plugin id11527
published2003-04-08
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11527
titleXMB < 1.9.1 Multiple XSS
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
 script_id(11527);
 script_version ("1.32");

 script_cve_id("CVE-2002-0316", "CVE-2003-0375", "CVE-2003-0483");
 script_bugtraq_id(4167, 4944, 8013);
 script_xref(name:"EDB-ID", value:"21300");

 script_name(english:"XMB < 1.9.1 Multiple XSS");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains several PHP scripts that are prone to
cross-site scripting attacks." );
 script_set_attribute(attribute:"description", value:
"The remote host is running XMB Forum, a web forum written in PHP.

The version of XMB installed on the remote host is affected by several
cross-site scripting issues." );
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=101447886404876&w=2" );
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?27b51f87" );
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=105638720409307&w=2" );
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=105363936402228&w=2" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to XMB 1.9.1 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2003/04/08");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/06/23");
 script_cvs_date("Date: 2018/11/15 20:50:20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english:"Determine if XMB forums is vulnerable to xss attack");
 script_category(ACT_GATHER_INFO);
 script_family(english:"CGI abuses : XSS");
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_dependencie("http_version.nasl", "cross_site_scripting.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("www/PHP");
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80, embedded: 0);
if(!can_host_php(port:port))exit(0);
if(get_kb_item(string("www/", port, "/generic_xss"))) exit(0);


xss = '<script>x</script>';
if (thorough_tests){
  dirs = list_uniq(make_list("/xmb", "/forum", "/forums", "/board", cgi_dirs()));
  exploits = make_list(
    string('/forumdisplay.php?fid=21">', xss),
    string('/buddy.php?action=', xss),
    string('/admin.php?action=viewpro&member=admin', xss)
  );
} 
else {
  dirs = make_list(cgi_dirs());
  exploits = make_list(
    string('/forumdisplay.php?fid=21">', xss)
  );
}

foreach dir (dirs) {
 foreach exploit (exploits) {
  url = string(dir, exploit);
  r = http_send_recv3(method: "GET", item:url, port:port);
  if( isnull(r) ) exit(0);
  buf = r[2];
  if (
   (
    "Powered by X M B" >< buf ||
    "Powered by XMB" >< buf 
   ) && 
   xss >< buf
  ) {
   security_warning(port);
   set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
   exit(0);
  }
 }
}

Statements

contributor
lastmodified2008-12-11
organizationXMB
statementXMB versions 1.9.8 and later were checked and are not vulnerable.

References