• info
• discussion
• exploit
• solution
• references

Binary Board System Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/reply.pl?board=1&article=81&inreplyto=[XSS]&[member]=yes
http://www.example.com/reply.pl?board=1&article=[XSS]&inreplyto=0&[member]=yes
http://www.example.com/reply.pl?board=[XSS]&article=81&inreplyto=&[member]=yes
http://www.example.com/stats.pl?action=branchdetail&branch=[XSS]&view=posts&[member]=yes
http://www.example.com/stats.pl?action=boarddetail&board=[XSS]&view=posts&[member]=yes
http://www.example.com/stats.pl?action=userdetail&user=[XSS]&view=posts&[member]=yes
http://www.example.com/toc.pl?board=[XSS]&[member]=yes