[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BetaBoard Cross Site Scripting vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: BetaBoard Cross Site Scripting vulnerability
From: easy.mask@xxxxxxxxx
Date: 16 Apr 2006 22:44:28 -0000

//----- Advisory


Program          : BetaBoard
Homepage         : http://gonzo.uni-weimar.de/~scheffl2/betaboard/
Tested version   : 0.1
Found by         : Simon MOREL <philemon at thehackademy dot net>
This advisory    : Simon MOREL <philemon at thehackademy dot net>
Discovery date   : 2006/04/16



//----- Application description


BetaBoard is a small german forum in which thread list is displayed as an 
indented tree.  



//----- Description of vulnerability


Malicious JavaScript code can be insert in user's profile.



//----- Proof Of Concept


<script>alert('document.cookie')</script>



//----- Impact


Every user reading evil guy's profile can have his cookie stolen



//----- Credits


Simon MOREL <philemon at thehackademy dot net>
http://www.sysdream.com



//----- Greetings


Celelibi for his English ;>

Prev by Date: MyEvent Remote File Execution And XSS Attacking
Next by Date: PhpWebFTP 3.2 Login Script
Previous by thread: MyEvent Remote File Execution And XSS Attacking
Next by thread: PhpWebFTP 3.2 Login Script
Index(es):
- Date
- Thread