BugTraq
PunBB 1.3.6 bug Sep 25 2011 02:14PM
Amir irist ir (1 replies)
Re: PunBB 1.3.6 bug Sep 26 2011 05:07PM
Henri Salo (henri nerv fi)
On Sun, Sep 25, 2011 at 02:14:37PM +0000, Amir (at) irist (dot) ir [email concealed] wrote:
> ########################################################################
#############################################
> # #
> # Islamic Republic Of Iran Security Team #
> # #
> # Www.IrIsT.Ir #
> # #
> ########################################################################
#############################################
> # #
> # PunBB <== 1.3.6 Cross-Site Scripting Vulnerabilities #
> # #
> # Download......: http://punbb.informer.com/downloads.php#1.3.6 #
> # #
> # Bug Found.....: IrIsT? #
> # #
> # discovery.....: Am!r (IrIsT?) #
> # #
> # contact.......: Amir[at]IrIsT.ir #
> # #
> # Exploit.......: http://www.site.com/browse.php?keywords=[xss]&search=Search&projects=1&s
tyles=1&forums=1 #
> # #
> # Google Search.: "Powered By PunBB" #
> # #
> # SP TNX........: B3HZ4D & satanicstar & SeCuRiTy & m3hdi & vahid4251 & all IrIsT members #
> # & h4ckcity.org & phc.ir & all SP #
> # #
> ########################################################################
#############################################

You definately have an error here. There is no browse.php-file in PunBB installation. I don't know what your intentions were on reporting this, but definately false-positive as far as I can tell. Did you notice that several problems was fixed in this release?

Regards,
Henri Salo

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus