XSS vuln with cookie disclosure when posting a msg (Tested on boardhost.com's test msg board and a members board):
Boardhost doesn't properly filter user input before generating it. For PoC (Works on members with free account) try putting:
<IMG SRC="javascript:alert('XSS');">
Now, to bypass the filters for Members with paying accounts, its pretty easy. You'll notice they have paying accounts if their boards let you post links and images
with your post. For a PoC there, in the Message:, or links input boxes just put http:// before your javascript.
Description:
Free Msgboard hosting service.
Homepage:
http://www.Boardhost.com
Affected files
Input boxes of posting a message
Searching for a listing board
-------------------------------------------------
XSS vuln with cookie disclosure when posting a msg (Tested on boardhost.com's test msg board and a members board):
Boardhost doesn't properly filter user input before generating it. For PoC (Works on members with free account) try putting:
<IMG SRC="javascript:alert('XSS');">
Now, to bypass the filters for Members with paying accounts, its pretty easy. You'll notice they have paying accounts if their boards let you post links and images
with your post. For a PoC there, in the Message:, or links input boxes just put http:// before your javascript.
http://<IMG SRC="javascript:alert('XSS');">
Screenshots:
http://www.youfucktard.com/xsp/boardhost1.jpg
http://www.youfucktard.com/xsp/boardhost2.jpg
http://www.youfucktard.com/xsp/boardhost3.jpg
http://www.youfucktard.com/xsp/boardhost4.jpg
[ reply ]