Full Disclosure mailing list archives
BetaBoard Cross Site Scripting vulnerability
From: izi <easy.mask () gmail com>
Date: Mon, 17 Apr 2006 00:58:27 +0200
//----- Advisory Program : BetaBoard Homepage : http://gonzo.uni-weimar.de/~scheffl2/betaboard/ Tested version : 0.1 Found by : Simon MOREL <philemon at thehackademy dot net> This advisory : Simon MOREL <philemon at thehackademy dot net> Discovery date : 2006/04/16 //----- Application description BetaBoard is a small german forum in which thread list is displayed as an indented tree. //----- Description of vulnerability Malicious JavaScript code can be insert in user's profile. //----- Proof Of Concept <script>alert('document.cookie')</script> //----- Impact Every user reading evil guy's profile can have his cookie stolen //----- Credits Simon MOREL <philemon at thehackademy dot net> http://www.sysdream.com //----- Greetings Celelibi for his English ;> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- BetaBoard Cross Site Scripting vulnerability izi (Apr 16)