News
Contributed by: Lauren Gerber
Date: June 22, 2009
I wish I had all the answers for you, and I wish I could take away all the vulnerabilities on the web. The harsh reality is that this is not possible. I may not be able to take away all the vulnerabilities on the web, but I am able to tell you about a new one that has been discovered and reported: the BBCode script vulnerability in NBBC.

Before I go any further, I would like to give you some background on NBBC, so that you will all have a general idea of exactly what it is. So, without further ado, let me proceed. NBBC is The New BBCode Parser, a fast, extensible parser for the BBCode document language. It is written in PHP and converts BBCode input into HTML output that fully conforms to XHTML. NBBC can be used on any operating system or web server, including Windows 2000. Some of the files of Windows 2000 may include but are not limited to the following: msimdbpc.dll, msimdbmg.dll, msimdbcr.dll, msidpe.dll, msidlpm.dll as well as mshtmdbg.dll.

This vulnerability relates to input passed through the "[img]" BBCode tag. The contents of this tag are not properly sanitized before being converted into HTML. The risk this presents is that the tag may be exploited to insert arbitrary HTML and script code, which may then be executed in a user's browser session, in the context of the affected website, when the malicious data is viewed. This NBBC vulnerability is lethal because malicious individuals may exploit it to perform highly dangerous script insertion attacks. The vulnerability has been rated as moderately critical, yet it is still dangerous and could result in disastrous consequences.
The question that may be asked is: what versions does this vulnerability affect? The affected versions are those before 1.4.2. Users of NBBC may be wondering at exactly this point what the solution to this problem is. The solution is for all users to update immediately to version 1.4.2. The best of luck to you all in saving yourselves from this vulnerability.
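The "[img]" flaw described above, shown as an added example that is not NBBC's source code or its actual 1.4.2 fix: a naive tag conversion next to a hardened one, run over constructed inputs. The function names are hypothetical, and only the "[img]" handling is shown; a real parser must also escape the text outside the tag.

```php
<?php
// Added illustration, not NBBC code. Function names are hypothetical.

// Naive conversion: the tag body is copied into the src attribute unchanged,
// so a double quote in the body ends the attribute and starts new markup.
function img_to_html_unsafe(string $bbcode): string
{
    return (string) preg_replace('#\[img\](.*?)\[/img\]#is', '<img src="$1" alt="" />', $bbcode);
}

// Hardened conversion: allow-list the URL scheme, reject characters that have
// no place in an image URL, then encode for the HTML attribute context.
function img_to_html_safe(string $bbcode): string
{
    $out = preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $url = trim($m[1]);
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            $ok = in_array($scheme, ['http', 'https'], true)
                && !preg_match('/[\x00-\x20"\'<>]/', $url);
            if (!$ok) {
                // Rejected: show the original tag as inert, escaped text.
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="" />';
        },
        $bbcode
    );
    // Fail closed if the regex engine reports an error.
    return $out ?? htmlspecialchars($bbcode, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs: a normal image, an attribute break-out,
// and a non-HTTP scheme.
$samples = [
    '[img]http://example.com/a.png[/img]',
    '[img]http://example.com/a.png" data-injected="1[/img]',
    '[img]javascript:void(0)[/img]',
];
foreach ($samples as $s) {
    echo "input : $s\n";
    echo "unsafe: ", img_to_html_unsafe($s), "\n";
    echo "safe  : ", img_to_html_safe($s), "\n\n";
}
```

For the second sample, the unsafe output carries an extra `data-injected` attribute on the `<img>` element, while the safe version renders the whole tag as escaped text.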
User Comments
Do you have any good suggestions for a javascript driven front end formatter for input?
(I put my real email in this one) :P sry
I kind of like the one that I found below. It's simple but nice.
http://corpocrat.com/2008/08/15/free-wysiwyg-bbcode-editor-in-javascript/