Navboard Multiple Local File Include and Cross-Site Scripting Vulnerabilities

info
discussion
exploit
solution
references

Navboard Multiple Local File Include and Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user to view a maliciously crafted URI.

The following example URIs are available:

http://www.example.com/path/admin_modules.php?module=[LFI]
http://www.example.com/path/modules.php?module=[LFI]
http://www.example.com/path/modules.php?module=[XSS]