Bugtraq mailing list archives
TangoBB 1.5.0-A3 XSS Vulnerability
From: dennis.veninga () gmail com
Date: Wed, 25 Feb 2015 15:37:55 GMT
# Exploit Title: TangoBB 1.5.0-A3 XSS Vulnerability # Google Dork: "Powered by TangoBB" # Date: 24-2-2015 # Exploit Author: Dennis Veninga # Vendor Homepage: https://github.com/Codetana/TangoBB # Version: 1.5.0-A3 # Tested on: Firefox 36 & Chrome 38 / W8.1-x64 # CVE : NONE Published: 24-2-2015 Vendor updated: 24-2-2015 TangoBB -> Version: 1.5.0-A3 Date: 24-2-2015 Found By: Dennis Veninga Exploit info: XSS Vulnerability Dork: "Powered by TangoBB" XSS: http://{target}/TangoBB/new.php/node/1 Affects: created topic, so an user can infect other users with malware and or take over their systems.
Current thread:
- TangoBB 1.5.0-A3 XSS Vulnerability dennis . veninga (Feb 26)