Home / os / winme

vikiboard012.txt

Posted on 20 November 2006

vendor site:http://vikingboard.com/ product:Vikingboard (0.1.2) bug:local file include & multiples permanent xss risk:medium error sql : /members.php?s=-80 xss permanent : - in private message , an attacker can send a pm to an administrator with some javascript into the subject field an get his cookie stealed - in the forum , an attacker can post a topic , with some javascript into the subject field , then when you get in : http://site.com/forum/ you will get your cookie stealed direcly . those xss are a serious security issue for a forum , because they are permanent . local file include : also once the attacker have stoolen the cookie , then he will get admin , in the administration there's a local file include here : /admin.php?act=../../../../../../../../../../../../../../etc/passwd%00 laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@gmail.com

 

TOP